Security issues on Windows 10 lock screen #5269

Closed
nvaccessAuto opened this issue Aug 6, 2015 · 4 comments

@nvaccessAuto nvaccessAuto commented Aug 6, 2015

Reported by jteh on 2015-08-06 00:42
Unlike earlier versions of Windows, the Windows 10 lock screen no longer runs on the winlogon secure desktop. Instead, it runs on the default (normal) desktop, but you can't switch apps, bring other windows to the foreground, etc. Unfortunately, this doesn't stop users from exploring other apps with the review cursor, reading/manipulating the clipboard, messing with the user's NVDA configuration, etc. IMO, this is a pretty nasty security issue in Windows itself, but this is apparently what Microsoft have chosen to do.

We can't simply start a secure copy of NVDA, as that would involve restarting the user's normal copy (since this is on the default desktop), which would result in loss of state and potentially be a bit slow. Therefore, we're going to have to somehow disable relevant parts of NVDA.

I think this will basically consist of three parts:

  1. Preventing the user from object navigating out of the lock screen;
  2. Blocking all non-essential scripts;
  3. If we want to allow the synth settings ring commands, creating a temporary configuration which is thrown away when the lock screen goes away.

@nvaccessAuto nvaccessAuto commented Aug 6, 2015

Comment 1 by James Teh <jamie@... on 2015-08-06 07:23
In [6795af8]:

On the Windows 10 lock screen, it is no longer possible to read the clipboard, access running applications with the review cursor, change NVDA configuration, etc.

Also, NVDA no longer says "LockAppHostFrameWindow" just before the lock screen appears.
Fixes #5269.

Changes:
State: closed

@nvaccessAuto nvaccessAuto commented Aug 6, 2015

Comment 2 by jteh on 2015-08-06 07:24
In the end, I didn't bother allowing the user to change configuration at all. This makes things simpler and this has limited usefulness anyway, since some configuration can't be accessed without using GUI anyway.

@nvaccessAuto nvaccessAuto added this to the 2015.3 milestone Nov 10, 2015
jcsteh added a commit that referenced this issue Nov 23, 2015
…lipboard, access running applications with the review cursor, change NVDA configuration, etc.

Also, NVDA no longer says "LockAppHostFrameWindow" just before the lock screen appears.
Fixes #5269.

@Mohamed00 Mohamed00 commented Feb 17, 2019

It seems like part of this fix is broken on Windows 10 1903. When I tested on this version of Windows, I was able to successfully leave the lock screen with the review cursor, though I couldn't view what was on the clipboard. Can anyone else test this?

@jcsteh jcsteh commented Feb 18, 2019

Ug. I can confirm with Windows 10 1809. I'm not sure what changed, but it seems you can now go next from the window. Perhaps this was always possible and I just missed this, but I doubt it.

Technical: event_NVDAObject_init in appModules/lockapp.py needs to disable next and previous. Currently, it only disables parent. Unfortunately, I can't deal with this myself right now; testing fixes on screens like this is pretty time consuming. CC @michaelDCurran.
