News

Vulnerabilities in Electron allow to backdoor Skype, WhatsApp, Slack

On the Electron, platform for application developers, have been found new security issues.

This time, vulnerabilities allow including a backdoor in such popular applications as Skype and Slack.

The Electron framework is a key link in many popular applications, mainly due to its cross-platform capabilities. It is used by the developers of Skype, WhatsApp and Slack.

At BSides LV’s security conference, expert Pavel Tsakalidis demonstrated his own tool called BEEMKA.

BEEMKA is written in Python and allows to unpack Electron – ASAR archive files.

Read also: A bug in the IoT camera allowed listening on its owners

Using this tool, Tsakalidis was able to inject new code into the Electron JavaScript libraries. Thus, he opened up the possibility of injecting malicious capabilities into popular communication programs.

“This attack doesn’t exploit any vulnerabilities in the applications, but instead it leverages Electron’s architecture which means that in order to exploit this the attacker will need to have write access to the application’s installation folder”, – said Pavel Tsakalidis.

Pavel Tsakalidis
Pavel Tsakalidis

According to Tsakalidis, he tried to contact Electron representatives about the vulnerabilities found, but he did not receive a response.

Using the embedded malicious code, you can access the file system, activate the webcam and extract confidential information. And all this under the mask of legitimate applications.

The researcher published a video in which you can get acquainted with the essence of the security problem:

Recommendation

If you are using an application written in Electron (and you probably are):

  1. Make sure you update your applications frequently. When an application is updated, electron.asar is usually replaced with a clean version – removing any backdoors.
  2. Install applications as a high privileged user (ie in “Program Files”) and use them as a low privileged user. To exploit this vulnerability, the attacker would not only have to gain access to your host but would have to elevate their privileges to that of an administrator as well.

If you are developing an application in Electron:

  1. Make sure you use CSP meta tags in your index.html file.
  2. Implement and use WebViews were possible.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

Back to top button