- From: Aaron Zauner <azet@azet.org>
- Date: Mon, 20 Jun 2016 15:01:13 +0800
- To: public-html-media@w3.org
- Cc: timbl@w3.org, dan@torgo.com, peter.linss@hp.com
- Message-Id: <0FE62210-3B35-45D0-B77E-7A8D049F3DCF@azet.org>
Hi,

TAG Chairs in CC.

What protects users from attackers creating RansomWare with EME? Reading the spec, I couldn't spot anything that would hinder that.

Consider code execution via JS in <audio> and <video> tags [0]. This has been demonstrated over and over again in the past [1] [2]. You're now providing an interface for these to be protected and encrypted in a DRM-fashion. This means as an attacker I can exploit this API (and malicious attackers do not really give a shit about legal implications in any case) to create RansomWare in the Browser, am I not on point?

I will not go into further details for fear of EME becoming a standard and malicious entities actually implementing this. But I would go so far as to publish a research paper once this happens, including -- as always -- PoC code in the hope that Browser Developers will simply drop support for EME.

This standard and its process are a disgrace to the W3C and Open Standards community [3].

(For obvious reasons I'm not subscribed to this mailing-list, please reply directly with the ML in CC)

Aaron

[0] https://html5sec.org
[1] https://bugs.chromium.org/p/chromium/issues/detail?id=386988 (only one example)
[2] https://hackerone.com/sandbox
[3] https://opensource.org/osr-drm

Received on Monday, 20 June 2016 07:01:56 UTC