Electron Framework Vulnerabilities Securing The Electron Apps Backdoor

Electron Framework Vulnerabilities: Securing The Electron Apps Backdoor

Last Updated: 24th July, 2022

Electron Framework Vulnerabilities: In several communication software, the Electron framework plays a major role – WhatsApp, GitHub, Skype and Slack to name just a few. It provides developers with the flexibility to develop a multitude of desktop applications with a single codebase as a cross-platform development platform.

It’s an open-source framework with relatively simple architecture, essentially a framework based on JavaScript and Node.js (run as the backend). However, this architecture also leaves certain files exposed, allowing would-be attackers to inject a backdoor. Let’s look at it more closely.


Ultimate WordPress Security Guide 2023 (Stay Secure Online)

Essentially, Electron Apps are becoming the de-facto standard in terms of desktop development because they allow a good chunk of the web application code to be reused. As mentioned earlier, some modern desktop applications such as Slack or VS Code are Electron apps. The major flaw with Electron apps, however, is that they are greatly exposed due to a lack of integrity protection.

Any attacker with access to the local filesystem can tamper with those applications and change their behavior; it is relatively simple to inject malicious code inside a legitimate application without triggering any warnings (the digital signature is not altered).


Sector-Based Security: Bad Bots Targeting The E-Commerce Sector

This inherent weakness or Electron Framework Vulnerabilities were recently demonstrated by consultant Pavel Tsakalidis. To perpetrate the attack, it’s necessary to unpack Electron ASAR archive files, which results in numerous JavaScript files that are not obfuscated or protected in any way. As so, it’s very easy to inject malicious code into these JavaScript files (and built-in Chrome browser extensions).

However, as Tsakalidis’ research showed, a CSP only blocks part of this exploit’s capabilities - it helps minimize data exfiltration but doesn’t prevent injections that enable keyloggers, taking screenshots


Healthcare Security 2020: What Will It Take To Create Change?

The vulnerability is part of the underlying Electron framework and allows for any malicious activity to be hidden within processes that appear to be harmless. During his demonstration, Tsakalidis was able to demonstrate a backdoored version of the Microsoft Visual Studio Code that sent out to a remote website with the contents of each code tab opened.

Whilst it would appear those remote attacks on Electron apps are not a current threat, there is certainly a backdoor threat to applications which could pass unperceived and enable attackers to perform a myriad of attacks – taking screenshots of the app, activating a webcam, and exfiltrate data such as credentials and personally identifiable information.


UNICEF Leaks 8000 Online Learners Personal Data

So how do you prevent all of this? Well, one way is for Electron to roll out a secure code signing process, but that is something that does not exist today. Application owners can minimize the impact of this backdoor, such as by putting in place a Content Security Policy that prevents attackers from directly sending exfiltrated data to a command and control (C2) server.

However, as Tsakalidis’ research showed, a CSP only blocks part of this exploit’s capabilities – it helps minimize data exfiltration but doesn’t prevent injections that enable keyloggers, taking screenshots, and access to a webcam.

A more universal alternative and one that only depends on the application owner, are for the owner to make their application code tamper-resistant. This is something that can be achieved with enterprise JavaScript protection, an approach that conceals the source code logic and, in addition, provides other protective layers such as code locks and self-defending code.


Google Fixes Critical PNG Security Bug, Though Billions of Android Users Still Vulnerable

By making the JavaScript source code extremely hard to read and making the application automatically react to tampering attacks, JavaScript protection renders these attacks completely uneconomical.

More advanced JavaScript protection technologies also enable application owners to gain real-time visibility over any attempt to debug or tamper with the application’s source code, which provides an extra degree of protection and readiness to minimize the extent of attacks.

As we see an increasing number of companies adopting Electron, it becomes increasingly important that organizations ensure that their applications cannot be tampered with. Developers of frameworks like Electron must take quick action to fix these backdoor of Electron Framework Vulnerabilities, but the stakes are too high for application owners to trust this alone.

, , , , , , , , , , , , ,
Previous Post
Revamping Your Security Information And Event Management (SIEM)
Next Post
Why Gender Gap Diversity Is Vital For The Future Of Cybersecurity?

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed