Any computer can be hacked, it’s simply a matter of time, motivation and, increasingly less, skill. If you want to exploit Adobe Flash, the source of much hacker inspiration, there are ready made exploit kits available for download. With Apple, Microsoft, Google, Facebook and, yes, even Adobe turning to HTML5, the question of security comes to mind.
BBC is running a lengthy bit that quotes Sophos director of technology strategy James Lyne — he sounds good casting carefully directed doubt on HTML5, which pretty much everyone agrees is the future of multimedia on the web.
“This is potentially going to be quite painful,” said Lyne. “It is more than a web language. Much more data can be stored in the browser which means that criminals can now attack the browser to steal data.”
Although it isn’t mentioned whether or not hackers are already tapping into that data — HTML5 adoption, implementation and use is still spotty — Lyne thinks this stuff is ripening for exploitation. Part of the problem is that HTML5, especially as regards security, remains undefined.
Specifically, HTML5 is designed to leverage GPS, which makes Google Maps on your Android or iPhone useful. However, because security and permissions are not fleshed out in HTML5, hackers are looking at both vulnerability and hundreds of millions of potential targets.
Hackers are evil, hackers are cool
“We have moved from a situation where we were playing a game of draughts with a slightly drunk opponent to a skilled chess player who knows all the tricks we know,” said Sophos’ Lyne.
Here he’s referencing in part the fact that he found 27 exploit kits available on the public internet just by performing a simple search — try, for example, searching for “Adobe Flash exploit kit” and you will find tools.
Similarly, if you search for “HTML5 exploit kit,” with a modicum of additional digging, you will find that hackers can create (Trend Micro) “botnets in the browser” by leveraging HTML5 — any device, any operating system. Brilliant.
Clearly, before the entire internet leaps from the fire (a.k.a. Flash) into the frying pan, much work needs to be done…
What’s your take?