ATTENTION/WARNING - NE PAS DÉPOSER ICI/DO NOT SUBMIT HERE

Ceci est la version de TEST de DIAL.mem. Veuillez ne pas soumettre votre mémoire sur ce site mais bien à l'URL suivante: 'https://thesis.dial.uclouvain.be'.
This is the TEST version of DIAL.mem. Please use the following URL to submit your master thesis: 'https://thesis.dial.uclouvain.be'.
 

Attacking mobile browsers with extensions

Borel, Enzo
(2020)

Files

BOREL_99331700_2020.pdf
  • Open access
  • Adobe PDF
  • 2.13 MB
Download

Details

Supervisors
Sadre, Ramin
Faculty
Ecole polytechnique de Louvain
Degree label
Master [120] en cybersécurité
Abstract
Web browsing on mobile devices is nowadays a common practice. Since browsers can be viewed as pieces of software allowing a remote agent to execute code on someone else’s machine, security measures such as Same Origin Policy or Cross-Origin Resource Sharing are enforced. However, this minimal security level might be affected by third-party software, also known as browsers extensions. The latter are generally meant to improve the browsing experience or to offer customisation, but they can also be a powerful attack vector because of the privileges they are given. At the time of writing, mobile browsers do not all support extensions, hence a lack of research about this specific subject. While extensions security has been broadly studied, mobile devices were often put out of the scope because of this lack of support. The purpose of this thesis is to show that supporting extensions on mobile devices can also be really dangerous, because some weaknesses are inherent to this kind of devices. We present a set of attacks with proofs of concept, and discuss the likelihood as well as the efficiency.