While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to video conferencing applications. Under the hood, Electron is essentially a Google Chrome window, which developers can modify to look however they prefer. Since Chrome is available on mostly all platforms — Windows, Linux, and Mac OS — once developers create applications, they will work just about everywhere.
Because of their widespread use in the consumer and business worlds, Electron applications can be a top target of attackers. And they may not require a vulnerability to exploit. As we have seen in the headlines, compromising Electron applications may simply require an inexpensive cookie purchase coupled with a phishing message to an unsuspecting employee.
The impact of an Electron application compromise can be devastating, which is why X-Force Red hacker Ruben Boonen (@FuzzySec) researched them a bit more.
A Q&A with X-Force Red Hacker Ruben Boonen
Abby: Thank you for speaking with me today, Ruben. You mentioned you had wanted to research Electron applications because of their widespread use. What also made you want to dig into them further, especially considering you perform red team engagements for companies worldwide?
Ruben: I find Electron applications interesting, Abby, because of their widespread use, but also because of their less stringent login requirements. After the first-time logging into one these applications, it may not ask you to enter in your login credentials for another month (or longer). The application automatically logs you in, which means your compu ..
Support the originator by clicking the read the rest link below.
