Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Newly discovered data access breach in Win10 UWP (Metro, “Store”) apps

    Home Forums AskWoody blog Newly discovered data access breach in Win10 UWP (Metro, “Store”) apps

    This topic contains 16 replies, has 11 voices, and was last updated by  anonymous 3 weeks, 6 days ago.

    • Author
      Posts
    • #227588 Reply

      woody
      Da Boss

      There’s a bug in the UWP API that lets appropriately programmed apps look at all of your data. Günter Born says: (The malicious UWP) app is not limite
      [See the full post at: Newly discovered data access breach in Win10 UWP (Metro, “Store”) apps]

      4 users thanked author for this post.
    • #227597 Reply

      WildBill
      AskWoody Lounger

      Well, that tears it. Even if Microsoft fixes the bug, I’ll never move to Win10 whatever. Neither Home nor Pro! Yes, I know it will be fixed… but what’s to stop some coder from breaking it again? It’s always been a matter of trust, but MS just lost mine for good when it comes to Windows 10. As long as they don’t break Win8.1 before 2023… bugs start popping up after January 2020, then Linux Mint, here I come!

      Windows 8.1, 64-bit, now in Group B!
      Wild Bill Rides Again...

      4 users thanked author for this post.
      • #227629 Reply

        Susan Bradley
        AskWoody MVP

        The store process means that apps are vetted so isn’t this a theoretical attack rather than one we will see in reality?  It’s like the iPhone bugs that they say “first you have to jailbreak the device”…. well yeah….

        Susan Bradley Patch Lady

        1 user thanked author for this post.
        • #227632 Reply

          anonymous

          This isn’t theoretical if Microsoft vetting isn’t reliable, and Microsoft patching all but guarantees that it isn’t.

          1 user thanked author for this post.
          • #227642 Reply

            Susan Bradley
            AskWoody MVP

            I’ll see if I can find it but I recall a stat that indicated that the Windows store apps actually had less malicious apps than Apple and Android.  Vetting was indeed very good.

            Susan Bradley Patch Lady

            2 users thanked author for this post.
        • #227659 Reply

          Jan K.
          AskWoody Lounger

          The store process means that apps are vetted…

          Apparently they vet as good as they test patches link

          1 user thanked author for this post.
        • #227670 Reply

          lurks about
          AskWoody Lounger

          What I understood was the problem is UWP apps were granted extensive file reading (writing?) privileges even when the developer did not invoke them or request them. Thus it sounds like a carefully crafted app could harvest files from anywhere on the box and send them to their mothership. How practical this mode would be; I do not know.

          1 user thanked author for this post.
      • #234790 Reply

        anonymous

        You do realize that this “security breach” only allows UWP apps to do the same thing that standard windows apps from Windows 7 or 8 can already do? Without asking? Always?

        1 user thanked author for this post.
        b
    • #227601 Reply

      Seff
      AskWoody Lounger

      Surely not! Windows 10 is the most secure version of Windows, is it not?

      Thanks for the info, Woody.

      2 users thanked author for this post.
      • #227608 Reply

        Charlie
        AskWoody Lounger

        Ha Ha Ha – whew, I needed a good laugh!  If you have to ask – well you know.

        Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

    • #227611 Reply

      lanceboil
      AskWoody Lounger

      And the hits keep on coming, lol.

    • #227618 Reply

      b
      AskWoody Lounger

      There’s a bug in the UWP API that lets appropriately programmed apps look at all of your data.

      But there are unlikely to be any such apps (apart from Microsoft’s App Installer and Diagnostics Data Viewer) because;

      If you submit an app to the Store that declares this capability, you will need to supply additional descriptions of why your app needs this capability, and how it intends to use it.
      Docs / Windows / UWP / Develop / Files, folders, and libraries / File access permissions

      And the capability can be disabled per device, per user or per app.

      As for the app crash on 1809; that sounds like a programmer error:

      Some capabilities provide apps with access to a sensitive resource. These resources are considered sensitive because they can access the user’s personal data or cost the user money. Privacy settings, managed by the Settings app, let the user dynamically control access to sensitive resources. Thus, it’s important that your app doesn’t assume a sensitive resource is always available.
      Docs / Windows / UWP / Develop / Packaging apps / App capability declarations

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

      1 user thanked author for this post.
      • #227624 Reply

        woody
        Da Boss

        There are definitely nuances. In this case, it appears as if the app did NOT come from the Store.

        1 user thanked author for this post.
    • #227837 Reply

      mn–
      AskWoody Lounger

      … so, let’s see…

      1. UWP apps from outside the Store have direct filesystem access on by default in previous versions of Windows 10, but off by default in 1809. The bug is that the permission dialog doesn’t display automatically on first instance of the specific app requiring this permission.

      2. UWP apps that need direct filesystem access and don’t have it, throw an exception that defaults to crashing the app unless caught. The permission state can change while app is running and takes effect immediately.

      Now, unless there’s something even weirder going on, surely the user’s UWP apps still run in the normal user context and thus only have at most as much capability as the user’s non-UWP processes, thus not causing any inherent extra risk just due to being UWP? Such as in this case with a business-specific internal app, apparently…?

      What I find potentially somewhat risky is the unexpected state change, which logically might prevent the app from saving its data to disk, thus having the potential for data loss. This is not markedly different from non-UWP apps running into an unexpected permissions problem at file open time but might differ for files that were already open, or does the UWP platform prevent continuously open files or something?

       

      Not going into whatever may be going on with the Store – the “vetting” processes would reduce risks but not eliminate.

      • This reply was modified 1 month, 2 weeks ago by  mn--.
      • #227856 Reply

        mn–
        AskWoody Lounger

        … hm, it seems that the “broad filesystem access” privacy settings entry just isn’t there at all in at least W10 1709…

        Now, from https://stackoverflow.com/questions/49728846/uwp-c-sharp-folderpicker-without-dialog and elsewhere, broad filesystem access was supposed to either not exist or default to off in older versions.

        Anyone know which versions are vulnerable, then? From context I’d guess at least 1803 but could go way back…

         

         

        • #231464 Reply

          b
          AskWoody Lounger

          Looks to me like only 1803 (not earlier versions) could possibly have been regarded as vulnerable, and 1809 is not.

          But the guy who discovered the bug has now updated his blog entry, and I’m not convinced that he ever considered it to be exploitable:

          Update: There has been a bit of misunderstanding on how this works. The broadFileSystemAccess is a restricted capability that an application could be granted, it is not an API. As a developer as well, I have to opt-in to using the capability. Any application in the store with the capability goes through extra verification by the Store team before any user gets it and the user is aware they are granting the application the permission to use the capability as well.
          Important information about the new capability of broadFileSystemAccess in UWP apps

          Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker"

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Newly discovered data access breach in Win10 UWP (Metro, “Store”) apps

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.