{"title":"服务工作者脆弱性调查","authors":"Yeomin Jeong, Junbeom Hur","doi":"10.1109/ICTC55196.2022.9952818","DOIUrl":null,"url":null,"abstract":"In a Progressive Web App (PWA), a kind of application software of the web, a service worker (SW) plays a key role as a one of the fundamental components to enhance the user's browsing experiences. For this purpose, the SW supports several features such as push notification, offline access, background code execution, etc. Since the SW provides prolific capabilities, it has been the main target to abuse by malicious attackers to deliver diverse attacks through the web applications such as crypto-currency mining, history sniffing, phishing. In this paper, we introduce the SW's functionalities and vulnerabilities, and discuss the existing attack methodologies and their implications.","PeriodicalId":441404,"journal":{"name":"2022 13th International Conference on Information and Communication Technology Convergence (ICTC)","volume":"116 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Survey on Vulnerabilities of Service Workers\",\"authors\":\"Yeomin Jeong, Junbeom Hur\",\"doi\":\"10.1109/ICTC55196.2022.9952818\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In a Progressive Web App (PWA), a kind of application software of the web, a service worker (SW) plays a key role as a one of the fundamental components to enhance the user's browsing experiences. For this purpose, the SW supports several features such as push notification, offline access, background code execution, etc. Since the SW provides prolific capabilities, it has been the main target to abuse by malicious attackers to deliver diverse attacks through the web applications such as crypto-currency mining, history sniffing, phishing. In this paper, we introduce the SW's functionalities and vulnerabilities, and discuss the existing attack methodologies and their implications.\",\"PeriodicalId\":441404,\"journal\":{\"name\":\"2022 13th International Conference on Information and Communication Technology Convergence (ICTC)\",\"volume\":\"116 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 13th International Conference on Information and Communication Technology Convergence (ICTC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICTC55196.2022.9952818\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 13th International Conference on Information and Communication Technology Convergence (ICTC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICTC55196.2022.9952818","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
在渐进式Web应用程序(Progressive Web App, PWA)中,service worker (SW)作为增强用户浏览体验的基础组件之一,发挥着关键作用。为此,软件支持推送通知、脱机访问、后台代码执行等功能。由于SW提供了丰富的功能,它一直是恶意攻击者滥用的主要目标,通过web应用程序提供各种攻击,如加密货币挖掘,历史嗅探,网络钓鱼。在本文中,我们介绍了软件的功能和漏洞,讨论了现有的攻击方法及其影响。
In a Progressive Web App (PWA), a kind of application software of the web, a service worker (SW) plays a key role as a one of the fundamental components to enhance the user's browsing experiences. For this purpose, the SW supports several features such as push notification, offline access, background code execution, etc. Since the SW provides prolific capabilities, it has been the main target to abuse by malicious attackers to deliver diverse attacks through the web applications such as crypto-currency mining, history sniffing, phishing. In this paper, we introduce the SW's functionalities and vulnerabilities, and discuss the existing attack methodologies and their implications.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
