Abusing Native App-like Features in Web Applications
|Title:||Abusing Native App-like Features in Web Applications|
|Date:||August 06, 2019 (Tuesday)|
|Time:||4:00 pm - 5:00 pm|
|Venue:||Room 121, 1/F, Ho Sin-Hang Engineering Building, The Chinese University of Hong Kong, Shatin, N.T.|
|Speaker:|| Prof. Sooel Son
Assistant Professor KAIST School of Computing (SoC) and Graduate School of Information Security (GSIS)
Progressive Web App (PWA) is a new generation of Web application designed to provide native app-like browsing experiences even when a browser is offline. PWAs make full use of new HTML5 features which include push notification, cache, and service worker to provide short-latency and rich Web browsing experiences. We conduct the first systematic study of the security and privacy aspects unique to PWAs. We identify security flaws in main browsers as well as design flaws in popular third-party push services, that exacerbate the phishing risk. We introduce a new side-channel attack that infers the victim’s history of visited PWAs. The proposed attack exploits the offline browsing feature of PWAs using a cache. We demonstrate a cryptocurrency mining attack which abuses service workers.
Sooel Son is an assistant professor at KAIST School of Computing (SoC) and Graduate School of Information Security (GSIS). He received his Computer Science PhD from The University of Texas at Austin. Before KAIST, he worked on building frameworks that identify invasive Android applications at Google. His research focuses on Web security and privacy problems. He is interested in analyzing Web applications, finding Web vulnerabilities, and implementing new systems to find such vulnerabilities.
Enquiries: Ms. Shirley Lau at tel. 3943 8439
For more information, please refer to http://www.cse.cuhk.edu.hk/en/events