AfterDawn: Tech news

Criminals will target HTML 5, NFC, warns expert

Written by James Delahunty @ 03 Dec 2011 8:23 User comments (1)

Criminals will target HTML 5, NFC, warns expert HTML 5 will solve some security problems, and create new ones.
HTML 5 promises to allow the Internet to finally do away with plug-ins such as Adobe Flash and Java, which have been rife with security vulnerabilities over their lifespan. Plug-ins are used with browsers to add great functionality than is allowed by HTML, Javascrpt and so forth, such as embedding videos, games and other interactive content.

HTML 5 is built with such functionality in mind, and is being tinkered and developed with during the rise of Cloud services, which increasingly demand more from web browsers. Google's mail service, for example, uses HTML to allow users to perform tasks such as dragging and dropping files and contents into messages.

The emerging web standard also has a bright future in the mobile phone space. Adobe recently abandoned development of Flash for mobile devices, admitting that HTML 5 provided a much better solution and also enjoys industry-wide support.

However, HTML 5 also means that web browsers will be storing much more data than they currently do, and that gives cybercriminals every incentive to target it, according to James Lyne, director of technology strategy at Sophos.



"This is potentially going to be quite painful," he said. "It is more than a web language. Much more data can be stored in the browser which means that criminals can now attack the browser to steal data."

HTML 5 is also built with support for mobile features, such as GPS, and currently the permissions systems that govern who has access to this kind of data are "poorly defined." If a mobile browser has permission to access this data, then that could put location information at risk.

"Some sites, such as Google Maps, you might be happy to know where you are while others you wouldn't want to know your location."

QR codes are also becoming a target, as more consumers are using QR codes to obtain information. QR codes are posted in public (on movie posters, at train stations for time tables etc.) and cybercriminals are already using low-tech attacks, such as covering a legitimate QR code with a nefarious one.

"I used one on a train station and it took me to a Russian porn site," said Mr Lyne.

The use of NFC to pay for items also turns mobile phones into digital credit cards, according to Lyne, and therefore a very attractive attack vector.

Previous Next  

1 user comment

13.12.2011 17:08

No matter what technology is out there that claims to be more secure or even attack-proof, you can be sure that someone somewhere will have cracked it, or is in the process of cracking it as we speak. It's unavoidable, and nothing scares the average consumer or corporation more than knowing that any given moment you are attacked, or waiting to be the next victim of an attack.

This message has been edited since its posting. Latest edit was made on 03 Dec 2011 @ 5:09

Comments have been disabled for this article.

News archive