Creating effective RansomWare with EME

From: Aaron Zauner <azet@azet.org>
Date: Mon, 20 Jun 2016 15:01:13 +0800
Message-Id: <0FE62210-3B35-45D0-B77E-7A8D049F3DCF@azet.org>
Cc: timbl@w3.org, dan@torgo.com, peter.linss@hp.com
To: public-html-media@w3.org

Hi,

TAG Chairs in CC.

What protects users from attackers creating RansomWare with EME? Reading the spec, I couldn't spot anything that would hinder that.

Consider code execution via JS in <audio> and <video> tags [0]. This has been demonstrated over and over again in the past [1] [2]. You're now providing an interface for these to be protected and encrypted in a DRM-fashion. This means as an attacker I can exploit this API (and malicious attackers do not really give a shit about legal implications in any case) to create RansomWare in the Browser, am I not on point?

I will not go into further details for fear of EME becoming a standard and malicious entities actually implementing this. But I would go so far as to publish a research paper once this happens, including -- as always -- PoC code in the hope that Browser Developers will simply drop support for EME.

This standard and its process are a disgrace to the W3C and Open Standards community [3].

(For obvious reasons I'm not subscribed to this mailing-list, please reply directly with the ML in CC)

Aaron

[0] https://html5sec.org
[1] https://bugs.chromium.org/p/chromium/issues/detail?id=386988 (only one example)
[2] https://hackerone.com/sandbox
[3] https://opensource.org/osr-drm

Received on Monday, 20 June 2016 07:01:56 UTC
