Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Sandboxing Won’t Help You on a Mac

February 12, 2018

The concept is great: create an area of computer memory to run processes in an isolated environment. The method is called sandboxing, and it is a great way to protect your computer from harmful activities. Unfortunately, malicious app developers can use the Mac screenshot function to steal passwords, keys, tokens and other user data. According to Fastlane Tools founder Felix Krause, any Mac app, sandboxed or not, can access the CGWindowListCreateImage function and secretly take screenshots of the user's screen. Once an app has the screenshot, it can programmatically read the text that was captured.

Krause offered some mitigations that Apple could use to prevent abuse of the CGWindowListCreateImage function. One is to add a permission dialog for apps that use the function to take screenshots. Another is to have macOS notify users when an app is taking screenshots of a user's screen. Krause said, "There are lots of valid use-cases for Mac apps to record the screen, e.g. 1Password 2FA support or screen recording software, however there must be some kind of control."
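Until a control like that exists, an administrator can at least inventory which installed apps reference the function. The sketch below is an added example, not code from Krause or from this blog: it walks `.app` bundles and flags main executables that contain the string `CGWindowListCreateImage`. The function names, the sample bundle names and the constructed sample files are assumptions made for illustration.

```python
import os
import tempfile

# Function named in the article. Mach-O symbol tables store it as
# "_CGWindowListCreateImage"; the bare name also matches string lookups.
SYMBOL = b"CGWindowListCreateImage"

def references_symbol(path, symbol=SYMBOL, chunk=1 << 20):
    """Return True if the file contains the symbol name (chunked scan)."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            window = tail + block
            if symbol in window:
                return True
            # Keep enough bytes to catch a name split across two reads.
            tail = window[-(len(symbol) - 1):]

def audit_apps(root):
    """Map each .app bundle under root to its executables naming the symbol."""
    hits = {}
    suffix = os.sep + os.path.join("Contents", "MacOS")
    for dirpath, _dirs, filenames in os.walk(root):
        if not dirpath.endswith(suffix):  # main executables live here
            continue
        bundle = os.path.basename(os.path.dirname(os.path.dirname(dirpath)))
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and references_symbol(full):
                hits.setdefault(bundle, []).append(name)
    return hits

def build_sample_tree(root):
    """Constructed sample: two fake bundles, one naming the function."""
    header = b"\xcf\xfa\xed\xfe" + b"\0" * 64  # Mach-O magic plus padding
    samples = {"Recorder.app": header + b"_CGWindowListCreateImage\0",
               "Notes.app": header + b"_NSLog\0"}
    for bundle, data in samples.items():
        macos = os.path.join(root, bundle, "Contents", "MacOS")
        os.makedirs(macos)
        with open(os.path.join(macos, bundle[:-4]), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_apps(tmp))  # point audit_apps at /Applications on a real Mac
```

A hit only means the binary can call the function, which legitimate screen recorders also do; it is a list of apps to review, not a verdict. Helper tools and frameworks outside `Contents/MacOS` are not scanned by this sketch.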

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com