pride and prejudice in progressive web apps abusing
play

Pride and Prejudice in Progressive Web Apps : Abusing Native - PowerPoint PPT Presentation

Sep 11, 2023 •443 likes •1.03k views

Pride and Prejudice in Progressive Web Apps : Abusing Native App-like Features in Web Applications Jiyeon Lee, Hayeon Kim, Junghwan Park, Insik Shin, Sooel Son School of Computing, Graduate School of Information Security 1 Limitations of Web

  1. Pride and Prejudice in Progressive Web Apps : Abusing Native App-like Features in Web Applications Jiyeon Lee, Hayeon Kim, Junghwan Park, Insik Shin, Sooel Son School of Computing, Graduate School of Information Security 1

  2. Limitations of Web Apps • Users spend most of time in native apps • Reasons: ⁻ Heavily depend on network connection ⁻ Low user engagement Apps 188.6 Webs 9.3 Average minutes per visitor Source: comScore Mobile Metrix, U.S., Age 18+, June 2016 2

  3. Limitations of Native Apps • App usage is highly concentrated • Reasons: ⁻ High cost ⁻ Difficult to share Webs 11.4 Apps 4.0 Monthly Unique Visitors (M) Source: comScore Mobile Metrix, U.S., Age 18+, June 2016 3

  4. P rogressive W eb A pps (PWAs) • Introduced by Google in 2015 • Three design goals: reliable, fast, engaging • Success stories ⁻ Twitter Lite ⁻ Financial Times ⁻ Forbes Push Notifications Add to Home Screen Offline Browsing 4

  5. P rogressive W eb A pps (PWAs) • Introduced by Google in 2015 • Three design goals: reliable, fast, engaging Core Components: • Success stories 1) Service Worker 2) Cache ⁻ Twitter Lite ⁻ Financial Times 3) Push SERVICE WORKER ⁻ Forbes CACHE PUSH Push Notifications Add to Home Screen Offline Browsing 5

  6. This Study • We addressed the security and privacy risks to PWAs Vulnerabilities: 1) Service Worker à Cryptocurrency Mining 2) Cache à Inferring User’s Browsing History 3) Push à Phishing Attack SERVICE WORKER CACHE PUSH 6

  7. Technology behind PWAs: Service Worker • HTML5 Web standard technology • Supported by most browsers: ⁻ Firefox 44+, Chrome 45+, Edge 17+, Opera 32+ • Only usable on HTTPS websites • Able to run in the background even when a user leaves a website </> WEB APP SERVICE NETWORK WORKER 7

  8. Offline Browsing • Cache is an origin-bounded local storage • Accessible regardless of the network status • Provides programmable offline interfaces with Service Worker INTERNET SERVICE WORKER SERVICE WORKER CACHE CACHE 8

  9. Web Push Notifications • Re-engaging users with customized content • Can be received by Service Worker even if the browser is closed WEB PUSH SERVICE SERVER SERVER WORKER 9

  10. How Many PWAs Exist in the Wild? • A PWA is a website that registers Service Worker • Collected from the Alexa top 100,000 websites Features Used Number of websites Push 3,351 (80.5%) Cache 513 (12.3%) Both 196 (4.7%) Others 495 (11.9%) Total 4,163 (100%) 10

  11. I-I. Phishing Risks of Web Push 11

  12. General Appearance of Web Push 12

  13. General Appearance of Web Push ICON TITLE DOMAIN BODY 13

  14. Sender Can Customize, ICON TITLE DOMAIN BODY 14

  15. Sender Can Not Customize, ICON TITLE DOMAIN DOMAIN BODY • A domain name is the only element representing the source of a push message localhost:8000 15

  16. Vulnerabilities We Found • The environments that do not display domains ⁻ Firefox on GNOME, Ubuntu MATE, Cinnamon, Budgie, and Pantheon ⁻ Samsung Internet, Firefox on Android • Causes phishing risks Push without domain Push with domain Firefox Chrome Samsung Internet 16

  17. I-II. Phishing risks of Third-Party Push Libraries 17

  18. Emerging Third-party Push Services • Enable website owners to use push features • Provide useful features: ⁻ Scheduling push notifications, Reporting the statistics of subscribers, Supporting HTTP websites Image Source: https://sendpulse.com/features/webpush 18

  19. How push is Supported on HTTP Sites 19

  20. How push is Supported on HTTP Sites 20

  21. How push is Supported on HTTP Sites An actual permission dialog that a browser asks A css-styled permission dialog that is drawn by the library 21

  22. How push is Supported on HTTP Sites Bounding An address of A HTTPS domain that library creates website that user visits 22

  23. Permission Delegation Attack • A network attacker can redirect users to an attacker-controlled website • A visitor has no clue why she is redirected to a different domain NETWORK ATTACKER Powered by Attacker Allow http://benign.com to send notifications? X Powered by library 23

  24. I-III. Domain Name Spoofing Attack of Web Push Notifications 24

  25. Web Push in Detail 7. Push message sent to the browser 8. Push message sent to service worker 5. The endpoint stored 2. Subscribe to push service 6. Push message sent to the 3. Generated SERVICE WEB endpoint URL PUSH endpoint URL WORKER returned SERVER SERVER 1. Asks Yes Permission 4. The endpoint sent to the web server 25

  26. Web Push in Detail https://fcm.googleapis.com/fcm/send/dTb6ILBpUYs:A PA91bGX_Xa91bizHC- ol0qF9fj7f2u9lt3mExBdbhGsE0zCuXkPJioWDgo4wf1m 7. Push message sent to the browser TfZYgqX_-sVWRabWqx3GB9XiA9hsUf- 8. Push message sent to gVnwkkbD8oDLAUIhScYYrmeSZaricyZv3gq3hbzjh48Ad service worker An example of endpointURL 5. The endpoint stored 2. Subscribe to push service 6. Push message sent to the 3. Generated SERVICE WEB endpoint URL PUSH endpoint URL WORKER returned SERVER SERVER 1. Asks Yes Permission 4. The endpoint sent to the web server 26

  27. Web Push in Detail 7. Push message sent to the browser 8. Push message sent to service worker 5. The endpoint stored 2. Subscribe to push service 6. Push message sent to the 3. Generated SERVICE WEB endpoint URL PUSH endpoint URL WORKER returned SERVER SERVER 1. Asks Yes Permission 4. The endpoint sent to the web server 27

  28. Web Push in Detail 7. Push message sent to the browser 8. Push message sent to service worker 5. The endpoint stored 2. Subscribe to push service 6. Push message sent to the 3. Generated SERVICE WEB endpoint URL PUSH endpoint URL WORKER returned SERVER SERVER 1. Asks Yes Permission 4. The endpoint sent to the web server 28

  29. Web Push in Detail 7. Push message sent to the browser 8. Push message sent to service worker 5. The endpoint stored 2. Subscribe to push service The EndpointURL is 6. Push message confidential information! sent to the 3. Generated SERVICE WEB endpoint URL PUSH endpoint URL WORKER returned SERVER SERVER 1. Asks Yes Permission 4. The endpoint sent to the web server 29

  30. Web Push Protocol: VAPID 7. Payload received on the URL is Public Key sent to the browser 8. The payload is decrypted 5. Store the • Designed to authenticate web servers and sent to the service worker endpoint and • Utilizes asymmetrical key pairs encryption keys 2. Subscribe to push service ⁻ Without a private key, cannot send push messages 6. Send the encrypted payload 3. Get generated Private Key to the endpoint SERVICE WEB endpoint and PUSH WORKER encryption key SERVER SERVER 1. Permission Yes asking 4. Send the endpoint and encryption key to the web server 30

  31. VAPID in the Wild 7. Payload received on the URL is sent to the browser 8. The payload is decrypted 5. Store the Third-party Library VAPID and sent to the service worker endpoint and SnedPulse X encryption keys 2. Subscribe to Izooto X push service Pushwoosh X 6. Send the Foxpush X encrypted payload 3. Get generated OneSignal to the endpoint SERVICE WEB endpoint and PUSH WORKER encryption key SERVER Pushcrew SERVER X Pushengage X 1. Permission Yes Urbanairship asking 4. Send the endpoint and encryption key to the web server 31

  32. Domain Spoofing Attack 7. Payload received on the URL is sent to the browser 8. The payload is decrypted 5. Store the and sent to the service worker endpoint and A push with spoofed domain, “kirannewsagency.iz.do” encryption keys 2. Subscribe to push service 6. Send the encrypted payload 3. Get generated to the endpoint SERVICE NETWORK WEB endpoint and PUSH WORKER encryption key ATTACKER SERVER SERVER 1. Permission Yes asking 4. The endpoint sent to the web server over HTTP 32

  33. Why Phishing via Web Push Matters? • Difficult to determine the origin of messages • An attacker can send push messages at any time Real-world phishing 33

  34. II. User Privacy Leak via Offline Usage 34

  35. History Sniffing Attack • Critical privacy threat ⁻ E. Felten at al., Timing Attacks on Web Privacy [CCS 2000] ⁻ Z. Weinberg at al., I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks [S&P 2011] ⁻ S. Son at al., What Mobile Ads Know About Mobile Users [NDSS 2016] • Can leak personal information 35

  36. History Sniffing Attack on PWAs • A new side channel attack that exploits Cache 36

  37. History Sniffing Attack on PWAs • A new side channel attack that exploits Cache • How it works: https://attacker-pwa.com iframe of target 1 iframe of target 2 37

  38. History Sniffing Attack on PWAs • A new side channel attack that exploits Cache • How it works: 1. A victim opens the attacking PWA offline https://attacker-pwa.com iframe of target 1 iframe of target 2 38

  39. History Sniffing Attack on PWAs • A new side channel attack that exploits Cache • How it works: 1. A victim opens the attacking PWA offline https://attacker-pwa.com 2. An onload event will only be triggered iframe of target 1 Onload if victims have visited target PWAs event handler iframe of target 2 Onload event handler 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Adaptive Progressive Web Apps PWA Progressive Web Apps are just great websites that can behave

Adaptive Progressive Web Apps PWA Progressive Web Apps are just great websites that can behave

Adaptive Progressive Web Apps PWA Progressive Web Apps are just great websites that can behave like native apps Progressive Web Apps are just great apps, powered by Web technologies and delivered with Web infrastructure.

454 views • 32 slides
Pride Pride and and Pr Prejudic ejudice e and and Fu Fundraising ndraising Katy (Hall)

Pride Pride and and Pr Prejudic ejudice e and and Fu Fundraising ndraising Katy (Hall)

Pride Pride and and Pr Prejudic ejudice e and and Fu Fundraising ndraising Katy (Hall) Orenchuk Vice President for Development Newberry Library Why Pride and Prejudice? A Competitive Marriage Market Fundraising Environment Dos

512 views • 11 slides
Progressive Web Apps Mike Hartington, GDE &amp; Developer Advocate at Ionic Roger Tipping, VP of

Progressive Web Apps Mike Hartington, GDE &amp; Developer Advocate at Ionic Roger Tipping, VP of

Progressive Web Apps Mike Hartington, GDE &amp; Developer Advocate at Ionic Roger Tipping, VP of Client Success at BrieBug What is a Progressive Web App? Progressive Web Apps are an evolution of regular web pages that combine features offered by

557 views • 7 slides
Mobile Cross-Platform Development from a Progressive Perspective Web App Progressive Web App N

Mobile Cross-Platform Development from a Progressive Perspective Web App Progressive Web App N

Mobile Cross-Platform Development from a Progressive Perspective Web App Progressive Web App N N NativeScript Progressive App NativeScript App Progressive Web Apps What makes the difference? Progressive Web Apps bring features

785 views • 59 slides
The Presentation of Speech and Thought in Jane Austen's Pride and Prejudice and in Joe Wright's

The Presentation of Speech and Thought in Jane Austen's Pride and Prejudice and in Joe Wright's

The Presentation of Speech and Thought in Jane Austen's Pride and Prejudice and in Joe Wright's Film Adaptation By Reni Ernst The Presentation of Speech and Thought in Jane Austen's Pride and Prejudice and in Joe Wright's Film Adaptation By Reni

761 views • 6 slides
the Top of the Pride Staircase! Pride Pride Pride 1 st Self Reliance Step Courage Reliable

the Top of the Pride Staircase! Pride Pride Pride 1 st Self Reliance Step Courage Reliable

he View Is Sweeter From the Top of the Pride Staircase! Pride Pride Pride 1 st Self Reliance Step Courage Reliable Pride Determination Pride Pride We As The Conner Cougars Are Proud Of Our Conner Family. Pride Is Pleasure Arising

445 views • 12 slides
CO550 Web Applications UNIT 11 Wider Context of Web Applications, Progressive Web Apps,

CO550 Web Applications UNIT 11 Wider Context of Web Applications, Progressive Web Apps,

CO550 Web Applications UNIT 11 Wider Context of Web Applications, Progressive Web Apps, SEO, and UX Wider Context of Web Applications Progressive Web Apps (PWAs) and Single Page Applications (SPAs) SEO Considerations UX (User

496 views • 31 slides
I. Defining Prejudice Prejudice is the spoiled fruit that grows from the cognitive vine. It

I. Defining Prejudice Prejudice is the spoiled fruit that grows from the cognitive vine. It

I. Defining Prejudice Prejudice is the spoiled fruit that grows from the cognitive vine. It sprouts from a Prejudice kernel of truth among the weeds of Blaine Ch. 4 distortion. It is fertilized by existential fear and the drive for self

486 views • 3 slides
Meet the Progressive Web App Module See Also Session recording Understanding Progressive Web

Meet the Progressive Web App Module See Also Session recording Understanding Progressive Web

Christoph Weber - Director of Technical Services Alex Borsody - Developer Meet the Progressive Web App Module See Also Session recording Understanding Progressive Web Apps and Why You Should Care By Mark Shropshire Friday, 4:00pm - 4:50pm

895 views • 24 slides
Progressive Web Apps the return of the web? Chris Heilmann @codepo8, Goto Berlin, November 2016

Progressive Web Apps the return of the web? Chris Heilmann @codepo8, Goto Berlin, November 2016

Progressive Web Apps the return of the web? Chris Heilmann @codepo8, Goto Berlin, November 2016 Chris Heilmann @codepo8 There is a very cool thing happening right now The honeymoon period of native apps is over.

910 views • 76 slides
Progressive Web Apps: Das Ende der App- Stores oder ber-hyptes Buzzword- Bingo? Karlsruher

Progressive Web Apps: Das Ende der App- Stores oder ber-hyptes Buzzword- Bingo? Karlsruher

Progressive Web Apps: Das Ende der App- Stores oder ber-hyptes Buzzword- Bingo? Karlsruher Entwicklertag 2018 Steffen Jahr @steffenjahr steffen.jahr@thinktecture.com Progressive Web Apps Karlsruher Entwicklertag 2018 Steffen Jahr Who is

917 views • 42 slides
BUILDING PROGRESSIVE WEB APPS IN KOTLIN Erik Hellman @ErikHellman Copenhagen Denmark Actual

BUILDING PROGRESSIVE WEB APPS IN KOTLIN Erik Hellman @ErikHellman Copenhagen Denmark Actual

BUILDING PROGRESSIVE WEB APPS IN KOTLIN Erik Hellman @ErikHellman Copenhagen Denmark Actual Cross Platform! Types - Theyre pretty great! Type definitions for JavaScript DOM APIs lib.dom.d.ts import { LitElement, html, property,

973 views • 81 slides
Supersymmetry Without Prejudice James Gainer May 12, 2009 James Gainer Supersymmetry Without

Supersymmetry Without Prejudice James Gainer May 12, 2009 James Gainer Supersymmetry Without

Supersymmetry Without Prejudice James Gainer May 12, 2009 James Gainer Supersymmetry Without Prejudice SUSY Without Prejudice This talk is based on JHEP 0902:023,2009/ arXiv:0812.0980 [hep-ph] arXiv:0903.4409 [hep-ph] Works in

377 views • 22 slides
Pride flags Sadie, Yael, &amp; Yossi Original Pride Flag Traditional Gay Pride Flag Philly

Pride flags Sadie, Yael, &amp; Yossi Original Pride Flag Traditional Gay Pride Flag Philly

Pride flags Sadie, Yael, &amp; Yossi Original Pride Flag Traditional Gay Pride Flag Philly Pride Flag Transgender Flag Progress Pride Flag Lesbian Flag Non-binary Flag Gender Fluidity flag Bisexual flag Pansexual Flag Asexual flag THANK

563 views • 13 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
Without Prejudice Discussions and Disclosure Issues Content 01 'Protected' conversations

Without Prejudice Discussions and Disclosure Issues Content 01 'Protected' conversations

How (not) to lose an employment tribunal claim Part One: Protected Negotiations, Without Prejudice Discussions and Disclosure Issues Content 01 'Protected' conversations Different types Without Prejudice Pre-termination

421 views • 23 slides
TimeDependent Dielectric Breakdown in HighVoltage GaN MISHEMTs: The Role of Temperature

TimeDependent Dielectric Breakdown in HighVoltage GaN MISHEMTs: The Role of Temperature

TimeDependent Dielectric Breakdown in HighVoltage GaN MISHEMTs: The Role of Temperature Shireen Warnock, Allison Lemus, and Jess A. del Alamo Microsystems Technology Laboratories (MTL) Massachusetts Institute of Technology (MIT)

400 views • 23 slides
Progressive Growing of GANs for Improved Quality, Stability, and Variation Paper: T.Karras,

Progressive Growing of GANs for Improved Quality, Stability, and Variation Paper: T.Karras,

Progressive Growing of GANs for Improved Quality, Stability, and Variation Paper: T.Karras, T.Aila, S.Laine, J. Lehtinen Nvidia and Aalto Univ. ICLR Oral 2018 Stefano Blumberg, UCL Why I chose Paper Excellent Results Introduced New

415 views • 15 slides
PDE-Constrained Optimization using Progressively-Constructed Reduced-Order Models Matthew J.

PDE-Constrained Optimization using Progressively-Constructed Reduced-Order Models Matthew J.

PDE-Constrained Optimization ROM-Constrained Optimization Numerical Experiments Conclusion PDE-Constrained Optimization using Progressively-Constructed Reduced-Order Models Matthew J. Zahr and Charbel Farhat Institute for Computational and

412 views • 23 slides
PROGRESSIVE SCREENING: LONG-TERM CONTRACTING WITH A PRIVATELY KNOWN STOCHASTIC PROCESS Maher

PROGRESSIVE SCREENING: LONG-TERM CONTRACTING WITH A PRIVATELY KNOWN STOCHASTIC PROCESS Maher

PROGRESSIVE SCREENING: LONG-TERM CONTRACTING WITH A PRIVATELY KNOWN STOCHASTIC PROCESS Maher Said with Ralph Boleslavsky (University of Miami) January 2013 LONG-TERM CONTRACTS Long-term contracts are employed widely across many settings:

801 views • 45 slides
CSC321 Lecture 19: Generative Adversarial Networks Roger Grosse Roger Grosse CSC321 Lecture 19:

CSC321 Lecture 19: Generative Adversarial Networks Roger Grosse Roger Grosse CSC321 Lecture 19:

CSC321 Lecture 19: Generative Adversarial Networks Roger Grosse Roger Grosse CSC321 Lecture 19: Generative Adversarial Networks 1 / 25 Overview In generative modeling, wed like to train a network that models a distribution, such as a

920 views • 25 slides
BBPH: Using Progressive Hedging Within Branch and Bound to Solve Multi-Stage Stochastic Mixed

BBPH: Using Progressive Hedging Within Branch and Bound to Solve Multi-Stage Stochastic Mixed

BBPH: Using Progressive Hedging Within Branch and Bound to Solve Multi-Stage Stochastic Mixed Integer Programs David L. Woodruff and Jason Barnett University of California Davis Jean-Paul Watson Sandia National Laboratories Berlin, January

295 views • 14 slides
Placeto: Efficient Progressive Device Placement Optimization Ravichandra Addanki, Shaileshh Bojja

Placeto: Efficient Progressive Device Placement Optimization Ravichandra Addanki, Shaileshh Bojja

Placeto: Efficient Progressive Device Placement Optimization Ravichandra Addanki, Shaileshh Bojja Venkatakrishnan, Shreyan Gupta, Hongzi Mao, Mohammad Alizadeh Recall--- What is Device Placement G(V,E): the computational graph of a neural

638 views • 16 slides
Mormon scriptures and Biblical Progressive Revelation Does God change his mind? Can scriptures

Mormon scriptures and Biblical Progressive Revelation Does God change his mind? Can scriptures

What is the Mormon Church. . . . . really? Mormon scriptures and Biblical Progressive Revelation Does God change his mind? Can scriptures change? Teacher, Yvon Prehn It seemed so simple at first Changes in Mormon Scripture vs. unchanging

486 views • 17 slides

More recommend