Browse > Article
http://dx.doi.org/10.13089/JKIISC.2021.31.4.573

Analysis of Vulnerability in Electron Based Collaboration Tools  

Lee, Hyomin (Korea University)
Jang, Yeonseok (Korea University)
Kwon, Yonghee (Korea University)
Lim, Eunji (Sungshin Women's University)
Kim, Jongmin (Korea University)
Park, Jinwoo (the Catholic University of Korea)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.31, no.4, 2021 , pp. 573-586 More about this Journal
Abstract
As the proportion of non-contact work is increasing in the situation of COVID-19 pandemic, the collaboration program market is growing rapidly. As the size of the market grows, vulnerabilities in collaborative programs are constantly being disclosed which increases interest in the security of collaborative tools. In this paper, we introduce the results of vulnerability analysis on Electron-based collaboration programs, noting that a number of collaboration programs are based on the Electron framework, and propose countermeasures to enhance the security of Electron-based applications.
Keywords
Electron; Collaboration Tool; RCE;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Fortune Business Insights(2019), Team Collaboration Software Market Size, Share & COVID-19 Impact Analysis
2 Electron Homepage (https://www.electronjs.org)
3 "Golden Age of Business Collaboration Tools", ChosunBiz, https://biz.chosun.com/site/data/html_dir/2020/04/23/2020042304167.html, Apr, 2020
4 "Rapid Growth of Collaboration Tools with the Trend of Working-At-Home", Sedaily, https://www.sedaily.com/NewsVIew/1Z065EKQ6P, Mar, 2020
5 Fortune Business Insights, "Market Research Report", 2020
6 Discord bugbounty Homepage (https://discord.com/security)
7 "Electronegativity - A study of electron security", Blackhat USA 2017, Jul. 2017
8 Luca Carettoni, "Electron Security Checklist - A guide for developers and auditors", 2017
9 "Preloading Insecurity In Your Electron", Blackhat Asia 2019, Mar. 2019
10 "app setAsDefaultRCE Client: Electron, scheme handlers and stealthy security patches", ZeroNights 2019, Nov. 2019
11 "Democratizing Electron.js Security", Covalence Conference 2020, Jan. 2020
12 Common Vulnerabilites and Exposures, "CVE-2018-15685"(Internet), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15685
13 Masato Noguchi and Yosuke Kurami, "Electron Application Development", In sung Yoon Trans., Freelec, pp. 278-279, 2018
14 Common Vulnerabilites and Exposures, "CVE-2020-15926"(Internet), https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15926
15 Common Vulnerabilites and Exposures, "CVE-2020-25019"(Internet), https://cve.mitre.org/cgigksrnin/cvename.cgi?name=CVE-2020-25019
16 "Electron: Abusing the lack of context isolation", CureCon 2018, Aug. 2018