HTML5-powered apps 'highly vulnerable to malicious attacks'

An emerging technology called HTML5-based development that are gaining popularity in the mobile industry are becoming highly vulnerable to malicious attacks, new research has revealed.

According to researchers at Syracuse University, HTML5-based technologies are vulnerable to malicious codes that can be easily injected and executed. This is why the Cross-Site Scripting (XSS) attack is still one of the most common attacks in the internet.

The researchers said: "When the adoption of this technology reaches certain threshold, worm attacks would become quite common unless we do something to stop it."

The research coincides with another report from Gartner that warned by 2016, 50% of mobile apps will be using HTML5-based technologies.

The report revealed that XSS attacks cannot only be targeted at mobile apps through a single channel, but can also attack from multiple channels, including 2D barcode, Wi-Fi scanning, Bluetooth pairing, MP3 songs, MP4 videos, SMS messages, NFC tags and Contact list.

"As long as an HTML5-based app displays information obtained from outside or from another app, it may be a potential victim," the report said.

"All major mobile systems would be affected, including Android, iOS, Blackberry, Windows Phone, etc., because they all support HTML5-based mobile apps."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing