Check: AIOS-02-000001
Apple iOS 7 STIG: AIOS-02-000001 (in version v1 r2)
Title
Apple iOS must disable screen capture. (Cat III impact)
Discussion
By allowing the screen capture function, a user has the ability to capture a screen containing sensitive information and then transfer it to an application not authorized to store or process that type of information. For example, the unauthorized app may automatically perform cloud backup to non-DoD servers. If a screen capture containing sensitive information was copied to a location with inadequate protection, there is a risk that an adversary could obtain it. Disabling the screen capture function will mitigate the risk of leaking sensitive information.
Check Content
This check procedure is performed on the iOS Over-the-Air management tool and the iOS device.

Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the iOS Over-the-Air management tool, verify "Allow screenshots" is unchecked. For example, in Mobile Iron Admin Portal:
1. Ask the MDM administrator to display the "POLICIES & CONFIGS".
2. Click or tap on the word "Configurations".
3. Click or tap the configuration name.
4. Expand "Details" under "App Setting Details".
5. Verify that "Allow Screen Capture" is set to "false".

Alternatively, verify the text "<key>allowScreenShot</key> <false/>" appears in the configuration profile (.mobileconfig file).

On the iOS device:
1. Open Photos app.
2. Select "Camera Roll".
3. Visually notice the most recent photo in the camera roll.
4. Press and release both the Sleep/Wake button and the Home button.
5. Verify the most recent photo is the same photo from step 3.

If "Allow screenshots" is checked in the iOS Over-the-Air management tool; "<key>allowScreenShot</key> <true/>" appears in the configuration profile; or by quickly pressing and releasing both the Sleep/Wake button and the Home button, the screen flashes when the screenshot is taken, and the screenshot is added to the Camera Roll album, this is a finding.
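The configuration-profile part of the check can be scripted. The Python below is an added example, not part of the STIG: it parses a .mobileconfig, finds the restrictions payloads (payload type `com.apple.applicationaccess`), and reports a finding unless `allowScreenShot` is explicitly false. Assumptions: a missing key is reported because the check requires the `<false/>` text to appear, a signed profile embeds its XML plist contiguously, and the function names and sample profile are constructed for illustration.

```python
import plistlib
from xml.parsers.expat import ExpatError

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # iOS Restrictions payload

def load_profile(data: bytes) -> dict:
    """Parse a .mobileconfig, unwrapping a signed (CMS) profile if needed."""
    try:
        return plistlib.loads(data)
    except (ValueError, ExpatError):
        # Assumption: a signed, unencrypted profile embeds the XML plist
        # contiguously inside the CMS envelope, so it can be sliced out.
        start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
        if start == -1 or end == -1:
            raise ValueError("no XML plist found in profile")
        return plistlib.loads(data[start:end + len(b"</plist>")])

def check_screen_capture(data: bytes) -> list:
    """Return findings for this check; an empty list means no finding."""
    content = load_profile(data).get("PayloadContent", [])
    payloads = [p for p in content if isinstance(p, dict)
                and p.get("PayloadType") == RESTRICTIONS_TYPE]
    if not payloads:
        return ["no restrictions payload: allowScreenShot is not set"]
    findings = []
    for p in payloads:
        name = p.get("PayloadDisplayName", "<unnamed>")
        value = p.get("allowScreenShot")
        if value is None:
            # Assumption: the check requires <false/> to appear, so an
            # absent key is reported rather than passed.
            findings.append(f"{name}: allowScreenShot key missing")
        elif value is not False:
            findings.append(f"{name}: allowScreenShot is {value!r}")
    return findings

def sample_profile(**restrictions) -> bytes:
    """Constructed sample profile for demonstration, not from a real MDM."""
    payload = {"PayloadType": RESTRICTIONS_TYPE, "PayloadVersion": 1,
               "PayloadDisplayName": "Restrictions", **restrictions}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadVersion": 1, "PayloadContent": [payload]})

if __name__ == "__main__":
    for label, kwargs in [("compliant", {"allowScreenShot": False}),
                          ("non-compliant", {"allowScreenShot": True}),
                          ("key absent", {})]:
        print(label, "->", check_screen_capture(sample_profile(**kwargs)) or "no finding")
```

A profile that passes this script still needs the on-device steps, since the script only shows what the profile contains, not that it is installed on the device under review.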
Fix Text
Configure Apple iOS to disallow the screen capture function. In the iOS Over-the-Air management tool, uncheck "Allow screenshot". For example, in Mobile Iron Admin Portal, edit the configuration and deselect "Allow screen capture".
Additional Identifiers
Rule ID:
Vulnerability ID: V-43229
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |