ISSUE-28: What specific attacks are prevented by OS screenshots, should this be recommended against generally?
- State: PENDING REVIEW
- Product: UI Security
- Raised by:
- Opened on: 2012-11-01
- Description: The use of OS-level screenshots for the UI Security input protection heuristic protects against certain classes of attack, but is more prone to interference from accessibility technologies. When should we recommend or recommend against their use?
- Related Action Items: No related actions
- Related emails: No related emails
Related notes:
Resolved with following spec text:
If a user agent is able to detect that accessibility technologies are in use
that cannot be applied uniformly as part of the obstruction
check, the check MUST be disabled. In some cases,
interference from accessibility tools may be avoided by acquiring
the user image in terms of the user agent's local
rendering surface, rather than using an operating-system level
screenshot.