Electron vulnerability (PoC) affects Skype, WhatsApp, Slack applications

The problem appears to lie in the Electron development framework itself.

Electron is a very popular framework among developers and supports many projects. It is based on JavaScript and Node.js and is used to create the Skype, WhatsApp and Slack applications, as well as many other Internet communication tools.

However, according to the researcher Pavel Tsakalidis, the Electron development framework is a very serious threat to application security.

At BSides LV this week in Las Vegas, Tsakalidis presented BEAM, a tool for unpacking Electron ASAR files and the code embedded in Electron's JavaScript and in the built-in Chrome browser extensions.

We should note that the vulnerability discovered by the researcher does not exist in the applications themselves, but in the Electron development framework used to create them. However, with the help of the vulnerability, an attacker can very easily hide malicious activity inside legitimate processes.

See Proof of Concept

To modify libraries and extensions, the attacker must first obtain administrator privileges on Linux or MacOS systems. In the case of Windows, local access is sufficient.

By making changes to libraries and extensions, an attacker can create new "functions" that can access the file system, enable web and extract sensitive data (such as access) from the system using the trusted applications feature.

In the video above, Tsakalidis presents a PoC in Microsoft Visual Studio with a backdoor that sends inbound users to a remote site.

According to the researcher, he informed Electron about the vulnerability but received no response, while the vulnerability continues to exist.
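Because the attack depends on modifying the files inside an application's ASAR archive, a defender can detect it by comparing per-file hashes against a known-good baseline. The following is an added example, not code from the article or from the researcher's tool; the function names and sample archives are constructed for illustration, and the parser assumes the standard flat ASAR layout (a 16-byte size prefix, a JSON index, then file data).

```python
import hashlib, json, struct

def build_asar(files):
    """Pack {name: bytes} into a flat ASAR image (constructed test input only)."""
    index, body = {}, b""
    for name, data in files.items():
        index[name] = {"size": len(data), "offset": str(len(body))}
        body += data
    js = json.dumps({"files": index}).encode()
    padded = js + b"\0" * (-len(js) % 4)   # JSON index is padded to 4 bytes
    return struct.pack("<4I", 4, len(padded) + 8, len(padded) + 4, len(js)) + padded + body

def asar_digests(blob):
    """Return {path: sha256 hex} for every file packed in an ASAR image."""
    _, header_size, _, json_len = struct.unpack_from("<4I", blob, 0)
    index = json.loads(blob[16:16 + json_len])
    base = 8 + header_size                 # file offsets are relative to the header end
    out = {}
    def walk(node, prefix):
        for name, entry in node["files"].items():
            path = prefix + name
            if "files" in entry:           # directory: recurse
                walk(entry, path + "/")
            elif "offset" in entry:        # packed file (unpacked entries carry no offset)
                start = base + int(entry["offset"])
                out[path] = hashlib.sha256(blob[start:start + entry["size"]]).hexdigest()
    walk(index, "")
    return out

def diff_against_baseline(baseline, current):
    """List files added, removed or modified relative to a known-good baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

# Constructed samples: a known-good archive and a copy with changed contents
GOOD = build_asar({"main.js": b"startApp();", "renderer.js": b"render();"})
TAMPERED = build_asar({"main.js": b"startApp();",
                       "renderer.js": b"render();extra();",
                       "hook.js": b"x"})

if __name__ == "__main__":
    print(diff_against_baseline(asar_digests(GOOD), asar_digests(TAMPERED)))
```

In practice the baseline digests would be recorded from the vendor's installer and the check run against the installed archive on a schedule.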


Written by giorgos
