2024年4月15日02:25:26评论2 views字数 1862阅读6分12秒阅读模式

访问通知

恶意应用程序可以读取操作系统或其他应用程序发送的通知，其中可能包含敏感数据，例如通过SMS，电子邮件或其他介质发送的一次性身份验证代码。恶意应用程序还可以消除通知，以防止用户注意到通知已到达，并可能触发通知中包含的操作按钮。

A malicious application can read notifications sent by the operating system or other applications, which may contain sensitive data such as one-time authentication codes sent over SMS, email, or other mediums. A malicious application can also dismiss notifications to prevent the user from noticing that the notifications arrived and can trigger action buttons contained within notifications

缓解措施

减轻描述

应用程序开发人员指南 (M1013) 可以鼓励应用程序开发人员避免将敏感数据放在通知文本中。

企业政策(M1012) 在具有受管工作资料的Android设备（设备的企业受管部分）上，该DevicePolicyManager.setPermittedCrossProfileNotificationListeners方法可用于管理在主要用户（设备的个人方面）内运行的应用程序列表（包括将其设置为空列表）可以查看托管配置文件中发生的通知。但是，此策略仅影响在托管配置文件中生成的通知，而不影响设备的其余部分。该DevicePolicyManager.setApplicationHidden方法可用于禁用正在访问通知的有害应用程序，但是使用此方法将阻止整个应用程序运行。

减轻	描述
应用程序开发人员指南 (M1013)	可以鼓励应用程序开发人员避免将敏感数据放在通知文本中。
企业政策(M1012)	在具有受管工作资料的Android设备（设备的企业受管部分）上，该`DevicePolicyManager.setPermittedCrossProfileNotificationListeners`方法可用于管理在主要用户（设备的个人方面）内运行的应用程序列表（包括将其设置为空列表）可以查看托管配置文件中发生的通知。但是，此策略仅影响在托管配置文件中生成的通知，而不影响设备的其余部分。该`DevicePolicyManager.setApplicationHidden`方法可用于禁用正在访问通知的有害应用程序，但是使用此方法将阻止整个应用程序运行。

Mitigation Description

Application Developer Guidance(M1013) Application developers could be encouraged to avoid placing sensitive data in notification text.

Enterprise Policy(M1012) On Android devices with a managed work profile (enterprise managed portion of the device), the DevicePolicyManager.setPermittedCrossProfileNotificationListeners method can be used to manage the list of applications (including setting it to an empty list) running within the primary user (personal side of the device) that can see notifications occurring within the managed profile. However, this policy only affects notifications generated within the managed profile, not by the rest of the device. The DevicePolicyManager.setApplicationHidden method can be used to disable unwanted applications that are accessing notifications, but using this method would block that entire application from running.

Mitigation	Description
Application Developer Guidance(M1013)	Application developers could be encouraged to avoid placing sensitive data in notification text.
Enterprise Policy(M1012)	On Android devices with a managed work profile (enterprise managed portion of the device), the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications (including setting it to an empty list) running within the primary user (personal side of the device) that can see notifications occurring within the managed profile. However, this policy only affects notifications generated within the managed profile, not by the rest of the device. The `DevicePolicyManager.setApplicationHidden` method can be used to disable unwanted applications that are accessing notifications, but using this method would block that entire application from running.

检测

用户可以通过设备设置检查（和修改）具有通知访问权限的应用程序列表（例如，应用程序和通知->特殊应用程序访问->通知访问权限）。

The user can inspect (and modify) the list of applications that have notification access through the device settings (e.g. Apps & notification -> Special app access -> Notification access).

- 译者: 林妙倩、戴亦仑 . source:cve.scap.org.cn

左青龙
微信扫一扫

右白虎
微信扫一扫

ATT&CK - 访问通知

访问通知

标签

缓解措施

检测

无出境记录！警方披露猫一杯炮制秦朗事件详情

24小时内超25万人爆仓！比特币闪崩，2小时跳水超7000美元

ATT&CK -

ATT&CK - 远程服务的利用

ATT&CK - 文件和目录披露

ATT&CK - 凭据转储

ATT&CK - 绕过用户帐户控制

ATT&CK -

ATT&CK -

ATT&CK - 通过可移动媒体进行复制

发表评论

在线咨询

微信