While most people are busy singing the praises of HTML5 and all the nifty things the programming language can do, there are some who are warning about the dangers of using the technology. While there is still just a tiny fraction of the mobile apps being built using HTML5, those applications are said to pose a threat to both iOS and Android (News - Alert) devices.
By 2016, industry analysts believe that about half of all mobile applications will be built using HTML5 language. Those same industry analysts say that means there are quite a few mobile phones that are going to be at risk of a new Cross-Device Scripting (XDS) attack that is coming fast and hard. Researchers from Syracuse University, Xing Jin, Tongbo Luo, Derek G. Tsui, and Wenliang Du have said that anyone running HTML5 based applications are going to be at risk of malicious code injection.
The researchers say attackers can inject malicious code through a number of different channels including Wi-Fi scanning and SMS messaging. Even scanning 2D barcodes, Bluetooth pairing and playing MP3 and MP4 files can put the malicious code onto phones through the HTML5 apps.
The problem with those who are using more HTML5 codes is that not only will their devices be compromised, but attacked phones will transmit viruses to others through SMS messaging of contacts. The contacts don’t need to have the same kind of phone as the people who are carriers. It turns out that the benefit of HTML5 is also the danger.
Because the programming is able to be used on any device, that also means that any device can catch certain viruses that normally wouldn’t be transmitted from an iPhone (News - Alert) to a Galaxy S. Du said his research team has come across one HTML5 app that has been downloaded by more than 1 million people. He said he couldn’t say which one it was, but the developer has been notified and is looking for a fix.
While that developer doesn’t seem to want to have any exploits out there, other developers might actually be looking to take advantage of people through their applications and that’s a problem.
Edited by Cassandra Tucker