Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Apps

IEEE via YouTube

Overview

Explore a critical security vulnerability in hybrid mobile applications that use postMessage for communication between web and native code. Dive into the concept of Origin Stripping Vulnerability (OSV) and its potential exploits, including remote microphone monitoring, data manipulation, and denial of service attacks. Learn about the systematic study conducted on OSV, the development of a detection tool called OSV-Hunter, and its evaluation on popular apps. Discover the impact on widely-used frameworks and libraries such as Facebook React Native and Google cloud print. Examine the proposed solution, OSV-Free, which introduces new postMessage APIs to mitigate the vulnerability from its root. Gain insights into the security, performance, and ease of implementation of OSV-Free, as well as its open-source availability for further exploration and application in mobile app development.

Syllabus

Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Apps

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Apps

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.