Information that is cached may become accessible to other applications, and certainly becomes accessible if the device is found or stolen by a third party.
viaForensics [viaForensics 2014] warns of four situations where caching information may lead to sensitive data being leaked:
[This rule may require four NCCE/CS pairs.]
This noncompliant code example shows an application that caches sensitive information.
TBD |
Another application could access the cache, thereby revealing the sensitive information.
In this compliant solution the sensitive information is not cached.
TBD |
Caching sensitive information may result in the information becoming accessible.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DRD22-J | Medium | Probable | High | P4 | L3 |
It is not possible to automatically detect all situations when sensitive information may be cached.
[viaForensics 2014] | 15. Be aware of the keyboard cache |