University of Syracuse researchers found that vulnerabilities in HTML5 could enable malicious code execution in mobile apps. They say the problem arises from developers using application programming interfaces (APIs) during development that could enable apps to send code to the JavaScript engine for execution.
The vulnerability could enable the app to automatically execute malicious code sent to the app from several sources, including SMS messages, Wi-Fi, Bluetooth, quick response codes, JPEG images, and metadata within MP3 files.
The researchers studied 186 HTML5-based Android apps that used the PhoneGap middleware to access smartphone systems, and found 11 were vulnerable to code-injection attacks. However, they caution that, because of the platform-agnostic nature of HTML5, the vulnerability also could affect iOS and Windows Phone, as well as other middleware frameworks such as RhoMobile and Appcelerator.
More than half of mobile apps are expected to incorporate HTML5 by 2016, but the vulnerability also could affect Web apps not developed using HTML5. "Since apps are portable across platforms, so are their vulnerabilities," the researchers note. "Therefore, our attacks also work on other platforms."
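The following audit script is an added example, not code from the article or the researchers: it flags lines in an HTML5 app where non-constant data reaches an API that parses strings as markup or script. The sink list (innerHTML, document.write, eval, jQuery html/append/prepend) and the sample app are assumptions of this example, since the article names no specific APIs.

```javascript
// Added example. The sink list is an assumption: the article does not name
// the APIs, so common DOM/jQuery calls that parse strings as HTML/JS are used.
const SINKS = [
  { name: "innerHTML", re: /\.(?:innerHTML|outerHTML)\s*\+?=(?!=)\s*(.+?);?\s*$/ },
  { name: "document.write", re: /\bdocument\.write(?:ln)?\s*\((.+)\)/ },
  { name: "eval", re: /\beval\s*\((.+)\)/ },
  { name: "jquery-html", re: /\.(?:html|append|prepend)\s*\((.+)\)/ },
];

// A single quoted string literal with no concatenation or interpolation.
const CONSTANT = /^(["'])(?:\\.|(?!\1)[^\\])*\1$/;

// Return every line where a sink receives something other than a constant.
function findUnsafeSinks(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    const code = text.trim();
    if (code.startsWith("//")) return; // skip whole-line comments
    for (const { name, re } of SINKS) {
      const m = re.exec(code);
      if (m && !CONSTANT.test(m[1].trim())) {
        findings.push({ line: i + 1, sink: name, expr: m[1].trim() });
      }
    }
  });
  return findings;
}

// Constructed sample: handlers for data that arrives from outside the app
// (a scanned code, an SMS body, media metadata), as the article describes.
const SAMPLE_APP = [
  'function onScan(result) {',
  '  document.getElementById("out").innerHTML = "Scanned: " + result.text;',
  '}',
  'function onSms(msg) {',
  '  $("#inbox").append("<li>" + msg.body + "</li>");',
  '}',
  'function showTitle(tag) {',
  '  document.getElementById("title").textContent = tag.title;',
  '}',
  'function banner() {',
  '  document.getElementById("hdr").innerHTML = "<b>Inbox</b>";',
  '}',
].join("\n");

for (const f of findUnsafeSinks(SAMPLE_APP)) {
  console.log(`line ${f.line}: ${f.sink} <- ${f.expr}`);
}
```

Flagged lines are candidates for a text-only API such as `textContent` or jQuery `text()`, which display the data without parsing it.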
From CSO Online
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA