Papers no image

Published on August 8th, 2013 📆 | 4900 Views ⚑


Browser Timing Attacks (paper)


Pixel Perfect Timing Attacks with HTML5


[adsense size='1']

This paper describes a number of timi ng attack techniques that can be used by a malicious web page to steal sensitive data from a browser, breaking cross - origin restrictions. The new requestAnimationFrame API can be used to time browser rendering operations and infer sensitive data based on t iming data . The first technique allows the browser history to be sniffed by detecting redraw events. The second part of the paper shows how SVG filters are vulnerable to a timing attack that can be used to read pixel values from a web page. This allows pix els from cross - origin iframes to be read using an OCR - style technique to obtain sensitive data from websites 

Download PDF:

Tagged with:

Comments are closed.