With the recent revelation of the Heartbleed bug, the security of Web apps is a hot topic, especially as many of them are migrating to HTML5. Researchers at Syracuse University said that HTML5 is particularly vulnerable to certain attacks, according to CBR.
HTML5 apps are especially prone to Cross-Site Scripting (XSS) attacks. In these attacks, hackers inject their own scripts into Web apps to intercept information such as usernames, passwords and credit card information that users enter into Web forms.
“When the adoption of this technology reaches certain threshold, attacks like this will become quite common, unless we do something to stop it. A recent Gartner (News - Alert) report says that by 2016, 50% of the mobile apps will be using HTML5-based technologies,” the researchers said.
The threat will become even larger as more people shift from desktop PCs to mobile devices, which handle a lot of sensitive data. Mobile apps also handle different kinds of data, including SMS, messages, videos, and barcodes, Bluetooth pairing and other ways that hackers can get into mobile devices.
“As long as an HTML5-based app displays information obtained from outside or from another app, it may be a potential victim," the report said.
The report comes after the announcement of the “Heartbleed” bug in OpenSSL, which handles secure Web connections on major sites such as online banking. Before the bug was patched, it was possible for a malicious user to peek at bits of memory on remote servers they shouldn’t have had access to by taking advantage of a programming error the developers had made while sending “heartbeat” signals. This memory could allow attackers access to information such as accounts and financial details.
Edited by Maurice Nagle