ATT&CK-CN V1.01 Last Update: 2019-11 [返回索引页]

译者: 林妙倩(清华大学网络研究院网络空间安全实习生)、戴亦仑(赛宁网安) 原创翻译作品,如果需要转载请取得翻译作者同意。

数据来源:ATT&CK Matrices

原文: https://attack.mitre.org/techniques/T1512

术语表: /attack/glossary

拍摄相机

攻击者可以利用相机捕获有关用户,其周围环境或其他物理标识符的信息。对手可能会使用移动设备上的物理摄像头设备来捕获图像或视频。默认情况下,在Android和iOS中,应用程序必须请求访问权限(由用户通过请求提示来授予)以访问摄像头设备。在Android中,应用程序必须拥有android.permission.CAMERA访问相机的权限。在iOS中,应用程序必须NSCameraUsageDescriptionInfo.plist文件中包含密钥,并且必须在运行时请求对摄像机的访问。

Capture Camera

Adversaries may utilize the camera to capture information about the user, their surroundings, or other physical identifiers. Adversaries may use the physical camera devices on a mobile device to capture images or video. By default, in Android and iOS, an application must request permission to access a camera device which is granted by the user through a request prompt. In Android, applications must hold the android.permission.CAMERA permission to access the camera. In iOS, applications must include the NSCameraUsageDescription key in the Info.plist file, and must request access to the camera at runtime.

标签

ID编号: T1512

战术类型: 事后访问设备

策略: 收集

平台: Android,iOS

MTC ID: APP-19

缓解措施

缓解 描述
应用审查(M1005) 在审查过程中android.permission.CAMERANSCameraUsageDescription可以更紧密地分析使用android权限或iOS plist条目的应用程序。
使用最新的操作系统版本(M1006) Android 9及更高版本限制了后台应用程序对麦克风,摄像头和其他传感器的访
Mitigation Description
Application Vetting(M1005) During the vetting process applications using the android permission android.permission.CAMERA, or the iOS NSCameraUsageDescription plist entry could be analyzed more closely.
Use Recent OS Version(M1006) Android 9 and above restricts access to mic, camera, and other sensors from background applications.

检测

在Android和iOS上,用户可以通过设备设置屏幕查看哪些应用程序有权使用相机,并且用户可以选择撤消该权限。

On Android and iOS, the user can view which applications have permission to use the camera through the device settings screen, and the user can choose to revoke the permissions.