Electron (PoC): Skype, WhatsApp, Slack applications vulnerable

The problem appears to lie in the Electron development framework.

Electron is a very popular development framework that underpins many projects. It is based on JavaScript and Node.js and is used to build the Skype, WhatsApp and Slack applications, as well as many other Internet communication tools.

However, according to the researcher Pavel Tsakalidis, the Electron development framework is a very serious threat to application security.

At BSides LV this week, Tsakalidis presented BEAM, a tool for unpacking Electron ASAR files, the code embedded in Electron's JavaScript libraries, and the embedded Chrome browser extensions.

We should note that the vulnerability discovered by the researcher is not in the applications themselves, but in the Electron development framework used to build them. With its help, however, an attacker can very easily hide malicious activity inside legitimate processes.

See Proof of Concept

To modify libraries and extensions, the attacker must first obtain administrator privileges on Linux or macOS systems. On Windows, local access is sufficient.

By making changes to libraries and extensions, an attacker can create new “functions” that can access the file system, enable   and extract sensitive data (such as passwords) from the system using the trusted apps feature.

In the video above, Tsakalidis presents a PoC in Microsoft Visual Studio with a backdoor that sends inbound users to a remote site.

According to the researcher, he informed Electron of the vulnerability but received no response, and the problem still exists.
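Since the technique described above relies on changing files inside an application's ASAR archive, a defender can record a hash of every packed file from a trusted install and compare it later. The following Node.js sketch is an added example, not code from the article or from the researcher's tool; the function names are hypothetical, the sample archives are constructed in memory, and it assumes the standard ASAR layout (a 16-byte pickle prefix, a JSON index, then the file data).

```javascript
const crypto = require('node:crypto');

// Constructed sample input: pack {name: text} into a flat ASAR-layout buffer.
function buildAsar(files) {
  const header = { files: {} }, bodies = [];
  let offset = 0;
  for (const [name, text] of Object.entries(files)) {
    const body = Buffer.from(text);
    header.files[name] = { size: body.length, offset: String(offset) };
    offset += body.length;
    bodies.push(body);
  }
  const json = Buffer.from(JSON.stringify(header));
  const padded = Math.ceil(json.length / 4) * 4; // pickle payloads are 4-byte aligned
  const head = Buffer.alloc(16 + padded);
  head.writeUInt32LE(4, 0);            // length of the size field that follows
  head.writeUInt32LE(8 + padded, 4);   // length of the header pickle
  head.writeUInt32LE(4 + padded, 8);   // header pickle payload length
  head.writeUInt32LE(json.length, 12); // length of the JSON index
  json.copy(head, 16);
  return Buffer.concat([head, ...bodies]);
}

// Parse the JSON index and return {path: sha256} for every file packed in the archive.
function asarManifest(buf) {
  if (buf.length < 16 || buf.readUInt32LE(0) !== 4) throw new Error('not an ASAR archive');
  const base = 8 + buf.readUInt32LE(4); // file data starts after the header pickle
  const jsonLen = buf.readUInt32LE(12);
  if (base > buf.length || 16 + jsonLen > base) throw new Error('corrupt header');
  const manifest = {};
  const walk = (node, prefix) => {
    for (const [name, entry] of Object.entries(node.files || {})) {
      if (entry.files) { walk(entry, prefix + name + '/'); continue; }
      if (entry.unpacked || entry.link !== undefined) continue; // not stored in the archive
      const start = base + Number(entry.offset), end = start + entry.size;
      if (!(start >= base && end <= buf.length)) throw new Error('bad entry: ' + prefix + name);
      manifest[prefix + name] = crypto.createHash('sha256').update(buf.subarray(start, end)).digest('hex');
    }
  };
  walk(JSON.parse(buf.toString('utf8', 16, 16 + jsonLen)), '');
  return manifest;
}

// Paths whose hash differs from, or is missing in, the trusted baseline.
function changedFiles(baseline, current) {
  const paths = new Set([...Object.keys(baseline), ...Object.keys(current)]);
  return [...paths].filter((p) => baseline[p] !== current[p]).sort();
}
```

On a real system the buffer would come from reading the application's `.asar` file, and the baseline manifest should be stored where the account running the application cannot write.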

________________________

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
