
Code Injection Attacks on HTML5-based Mobile Apps


Abstract

HTML5-based mobile apps become more and more popular, mostly because they are much easier to be ported across different mobile platforms than native apps. HTML5-based apps are implemented using the standard web technologies, including HTML5, JavaScript and CSS; they depend on some middlewares, such as PhoneGap, to interact with the underlying OS. Knowing that JavaScript is subject to code injection attacks, we have conducted a systematic study on HTML5-based mobile apps, trying to evaluate whether it is safe to rely on the web technologies for mobile app development. Our discoveries are quite surprising. We found out that if HTML5-based mobile apps become popular--it seems to go that direction based on the current projection--many of the things that we normally do today may become dangerous, including reading from 2D barcodes, scanning Wi-Fi access points, playing MP4 videos, pairing with Bluetooth devices, etc. This paper describes how HTML5-based apps can become vulnerable, how attackers can exploit their vulnerabilities through a variety of channels, and what damage can be achieved by the attackers. In addition to demonstrating the attacks through example apps, we have studied 186 PhoneGap plugins, used by apps to achieve a variety of functionalities, and we found that 11 are vulnerable. We also found two real HTML5-based apps that are vulnerable to the attacks.
