Peripheral Instinct: How External Devices Breach Browser Sandboxes
Track: Security and privacy
Keywords: Browser Security, Web API, HID, USB, Firmware
TL;DR: Browser APIs like WebUSB expose external devices to potentially malicious websites, shifting the trust model away from the OS; through systematic analysis and reverse-engineering, we demonstrate the implications of this changed threat model.
Abstract: Browser APIs such as WebHID, WebUSB, Web Serial, and Web MIDI enable web applications to interact directly with external devices.
The support of such APIs in Chromium-based browsers, such as Chrome and Edge, radically changes the threat model for peripherals and increases the attack surface.
In the past, devices could assume a trusted host, i.e., the operating system.
Now, the host is a potentially malicious website and cannot be trusted.
We show how this changed threat model leads to security and privacy problems, up to a complete compromise of the operating system.
While the API specifications list initial security considerations, they shift the responsibility to (unprepared) device vendors.
We systematically analyze the security implications of external devices exposed by such new APIs.
By reverse-engineering peripheral devices of several popular widespread vendors, we show that many vendors allow controlling devices via Web APIs up to reprogramming or even fully replacing the firmware.
Consequently, web attackers can reprogram devices with malicious payloads and custom firmware without requiring any physical interaction.
To demonstrate the security implications, we build several full-chain exploits, leading to arbitrary code execution on the victim system, circumventing the browser sandbox.
Our research shows that browser security should not rely on the secure implementation of third-party hardware.
Submission Number: 1647
Loading