Mayall : a framework for desktop JavaScript auditing and post-exploitation analysis

Rapley, Adam and Bellekens, Xavier and Shepherd, Lynsay A. and McLean, Colin (2018) Mayall : a framework for desktop JavaScript auditing and post-exploitation analysis. Informatics, 5 (4). 46. ISSN 2227-9709

Preview

Text (Rapley-etal-Informatics-2018-a-framework-for-desktop-JavaScript-auditing-and-post-exploitation-analysis) Rapley_etal_Informatics_2018_a_framework_for_desktop_JavaScript_auditing_and_post_exploitation_analysis.pdf Final Published Version License: Download (527kB)| Preview

Abstract

Writing desktop applications in JavaScript offers developers the opportunity to create cross-platform applications with cutting-edge capabilities. However, in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform out-the-box paradigm and is based upon the Node.js JavaScript runtime—an increasingly popular server-side technology. By bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. This paper also exposes fifteen highly popular Electron applications and demonstrates that two-thirds of applications were found to be using known vulnerable elements with high CVSS (Common Vulnerability Scoring System) scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed.

ORCID iDs

Bellekens, Xavier ORCID: https://orcid.org/0000-0003-1849-5788

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSArchivematicaHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Citations and altmetrics
• Item metadata

  Item type:	Article
  ID code:	69723
  Dates:	Date Event 17 December 2018 Published 11 December 2018 Accepted
  Keywords:	JavaScript, Node.js, security vulnerabilities, arbitrary code execution, post-exploitation, Electronic computers. Computer science, Electrical engineering. Electronics Nuclear engineering, Electrical and Electronic Engineering, Computer Science(all)
  Subjects:	Science > Mathematics > Electronic computers. Computer science Technology > Electrical engineering. Electronics Nuclear engineering
  Department:	Faculty of Engineering > Electronic and Electrical Engineering
  Depositing user:	Pure Administrator
  Date deposited:	10 Sep 2019 11:27
  Last modified:	21 Jan 2021 11:18
  URI:	https://strathprints.strath.ac.uk/id/eprint/69723