Last minute geek

last minute tech news from around the net

Friday, Feb 28th

Last update11:47:00 PM

You are here: English BoingBoing ibag Whatsapp, Slack, Skype and apps based on popular Electron framework vulnerable to backdoor attacks

Whatsapp, Slack, Skype and apps based on popular Electron framework vulnerable to backdoor attacks

User Rating: / 0
This week at B-Sides LV, security researcher Pavel Tsakalidis presented his work on security defects in the Electron framework, a cross-platform development framework that combines Javascript with Node.js: apps built with Electron include Skype, Slack, Whatsapp, Visual Studio Code and others. Tsakalidis showed how the lack of basic encryption for Electron code leaves users vulnerable to hackers who inject back-door code into their sessions, which exposes their communications, filesystem, and cameras and mics to third parties. These changes are harder to make in Macos or GNU/Linux systems (where admin access is required), but Windows systems are wide open. To make things worse, Electron's team had previously rejected a user request for encryption to protect its files, and when Tsakalidis presented his work to them, they ignored him. Tsakalidis has released a proof-of-concept tool called BEEMKA, a small Python program that can open Electron ASAR archive files and insert exploit code into them, exploiting apps and Chrome plugins built in the framework. Code inserted into the ASAR can run either within the application's context or within the context of the Electron framework itself. Application code is "plain old JavaScript," Tsakalidis explained, capable of calling Electron's operating-specific modules—including microphone and camera controls, as well as operating system interfaces. Code injected into Electron's internal Chrome extensions can allow attackers to bypass certificate checks, so that, while code may still force communications over HTTPS, an attacker can use a self-signed certificate on a remote system for exfiltration. And Web communications can be altered or completely blocked—including applications' updating features, which would prevent new versions from being automatically installed, displacing the backdoored application. Read the rest

Read all
Comment Policy:
We pre-moderate any comments and welcome all kinds of thoughts, supportive, dissenting, critical or otherwise. We delete or censor comments that are:

* abusive
* off-topic
* contain personal attacks, or against any company or organization
* promote hate of any kind
* use excessively foul language
* is blatantly spam or advertising

We do not discriminate based on the person who is posting, and we never censor comments for political or ideological reasons. We never delete an appropriate comment because we disagree with its viewpoint or ideology, and we never publish an inappropriate comment because we agree with or support its viewpoint or ideology.

Attention spammers: we manually approve all comments. Spamming and blatant advertising will NOT be published on this site and is deleted immediately, you've been warned, do not waste your time here.

Add comment

Security code