
1192 points gniting | 5 comments

cheschire No.43519772
Can windows apps (not installed from the MS store) enumerate through the window titles of all open windows? How hard would it be for an app to monitor all of your web traffic based on the title alone?

Legit question. ChatGPT isn't super helpful here since it agrees with everything when I'm really looking for someone to say why this isn't really feasible in the real world.

replies(8): >>43519783 >>43519798 >>43519847 >>43519871 >>43520382 >>43520475 >>43521311 >>43521404
1. bcoates No.43520475
Windows has a whole different (looser, older) security model. There are no security barriers between windows running on the same desktop. (In particular, "UAC is [still] not a security barrier"--when you hit ok/type in a password to elevate a process, you’re effectively elevating the whole desktop and everything you're running.)
replies(2): >>43520653 >>43520707
2. jorvi No.43520653
No, that is completely wrong and would be nuts. The only way the whole session gets elevated is if you'd launch explorer.exe with an admin token.

The way privilege escalation works on Windows is that pretty much everything gets launched with a standard user access token by default, and processes can request an admin access token in a few ways, UAC being the main one. When a process is supplied that token, that process is elevated.

It is more akin to 'sudo' rather than 'su', which makes sense because its progenitor is 'runas' from Windows 2000.

replies(1): >>43520731
3. SpaghettiCthulu No.43520707
Can you inject into an elevated process from a non-elevated one?
4. bcoates No.43520731
(Only) the process is elevated, but the process has a window on a shared session, and the OS does not successfully protect processes that share a session (and user, and registry, and disk, etc., etc.) from controlling each other.

From an API point of view, only one process is elevated. From a security point of view, if one process is elevated they all are, due to a lack of any effective mechanism that actually stops them.

replies(1): >>43520812
5. jorvi No.43520812
No, even then there are things like Mandatory Integrity Control and Windows Message Restrictions / UIAccess. I'd dive into it deeper but I just got home from going out haha. Those terms should help you dig into it though!

I do fully agree that desktop OSes are a legacy security model and they can't hold a candle to that of iOS. Android is getting there, but because it also started from mostly an open all-access model it's been having the same warts.
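The following script is an added example for this thread, not code posted by any of the commenters. It puts the two points of the discussion side by side: the window-title enumeration cheschire asked about, and the Mandatory Integrity Control / UIPI boundary jorvi refers to. It assumes a non-elevated (medium integrity) Windows PowerShell 5.1 session on a desktop with a few open windows, at least one owned by an elevated process such as an administrator cmd.exe. The function names (Get-WindowTitle, Get-TopLevelWindows, Test-UipiDelivery, Watch-ForegroundTitle) are this example's own; the Win32 calls are the documented user32 APIs.

```powershell
# Added example, not code from the thread. Assumes a medium-integrity
# PowerShell 5.1 session and at least one elevated window on the desktop.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);

[DllImport("user32.dll")]
public static extern bool EnumWindows(EnumWindowsProc cb, IntPtr lParam);
[DllImport("user32.dll")]
public static extern bool IsWindowVisible(IntPtr hWnd);
[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern int GetWindowText(IntPtr hWnd, System.Text.StringBuilder sb, int cch);
[DllImport("user32.dll")]
public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);
[DllImport("user32.dll")]
public static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr SendMessageTimeout(IntPtr hWnd, uint msg, IntPtr wParam,
    System.Text.StringBuilder lParam, uint flags, uint timeout, out IntPtr result);
'@

$WM_GETTEXT       = 0x000D
$SMTO_ABORTIFHUNG = 0x0002

function Get-WindowTitle([IntPtr]$hWnd) {
    # For a window owned by another process GetWindowText returns the cached
    # caption; no message is delivered to that process, so UIPI is not consulted.
    $sb = New-Object System.Text.StringBuilder 512
    [void][Win32.Native]::GetWindowText($hWnd, $sb, $sb.Capacity)
    $sb.ToString()
}

function Get-TopLevelWindows {
    # Every visible, titled top-level window on this desktop, whatever the
    # integrity level of the process that owns it. No privilege required.
    $script:found = New-Object System.Collections.Generic.List[object]
    $cb = [Win32.Native+EnumWindowsProc]{
        param([IntPtr]$h, [IntPtr]$l)
        if ([Win32.Native]::IsWindowVisible($h)) {
            $title = Get-WindowTitle $h
            if ($title) {
                $procId = [uint32]0
                [void][Win32.Native]::GetWindowThreadProcessId($h, [ref]$procId)
                $script:found.Add([pscustomobject]@{ hWnd = $h; PID = $procId; Title = $title })
            }
        }
        return $true   # keep enumerating
    }
    [void][Win32.Native]::EnumWindows($cb, [IntPtr]::Zero)
    $script:found
}

function Test-UipiDelivery([IntPtr]$hWnd) {
    # Ask the window for its text with a real WM_GETTEXT. UIPI delivers it to
    # windows at our integrity level or lower and refuses it for higher ones,
    # where the call fails and GetLastError reports ERROR_ACCESS_DENIED (5).
    $sb  = New-Object System.Text.StringBuilder 512
    $res = [IntPtr]::Zero
    $ok  = [Win32.Native]::SendMessageTimeout($hWnd, $WM_GETTEXT, [IntPtr]($sb.Capacity), $sb,
        $SMTO_ABORTIFHUNG, 200, [ref]$res)
    if ($ok -ne [IntPtr]::Zero) { return 'delivered' }
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    if ($err -eq 5) { 'blocked by UIPI (ERROR_ACCESS_DENIED)' } else { "failed, Win32 error $err" }
}

function Watch-ForegroundTitle([int]$Seconds = 30) {
    # The scenario from the question: browsers put the page title in the window
    # caption, so polling the foreground window logs what the user is viewing.
    $last = ''
    $stop = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $stop) {
        $title = Get-WindowTitle ([Win32.Native]::GetForegroundWindow())
        if ($title -and $title -ne $last) {
            '{0:HH:mm:ss}  {1}' -f (Get-Date), $title
            $last = $title
        }
        Start-Sleep -Milliseconds 500
    }
}

# Our own integrity level, then every visible window and whether UIPI lets us
# message it. Titles come back for all of them; WM_GETTEXT only for our level.
whoami /groups /fo csv | ConvertFrom-Csv |
    Where-Object { $_.'Group Name' -like '*Mandatory Level*' } |
    Select-Object -ExpandProperty 'Group Name'

Get-TopLevelWindows | ForEach-Object {
    $_ | Add-Member -NotePropertyName Probe -NotePropertyValue (Test-UipiDelivery $_.hWnd) -PassThru
} | Format-Table PID, Probe, Title -AutoSize

# Uncomment to log foreground title changes for half a minute:
# Watch-ForegroundTitle -Seconds 30
```

Run from a normal, non-elevated prompt. The table lists the caption of every visible window, including those of elevated processes, which is the answer to the original question: reading titles (and therefore the active browser tab's title) needs no special privilege and no store distribution. The Probe column is the part jorvi pointed at: the same script cannot deliver a message to a window at higher integrity, which is what Mandatory Integrity Control and UIPI do and do not cover. A process granted the UIAccess privilege (signed accessibility tools installed under Program Files) is exempt from that filter, which is why the thread names it alongside UIPI.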