Dangers and Prevalence of Unprotected Web Fonts

Bibliographic Details
Main Authors: Mueller, Tobias, Klotzsche, Daniel, Herrmann, Dominik, Federrath, Hannes
Format: Conference Proceeding
Language: English
container_start_page 1
container_end_page 5
creator Mueller, Tobias; Klotzsche, Daniel; Herrmann, Dominik; Federrath, Hannes
description Most Web sites rely on resources hosted by third parties such as CDNs. Third parties may be compromised or coerced into misbehaving, e.g. delivering a malicious script or stylesheet. Unexpected changes to resources hosted by third parties can be detected with the Subresource Integrity (SRI) mechanism. The focus of SRI is on scripts and stylesheets. Web fonts cannot be secured with that mechanism under all circumstances. The first contribution of this paper is to evaluate the potential for attacks using malicious fonts. With an instrumented browser we find that (1) more than 95% of the top 50,000 Web sites of the Tranco top list rely on resources hosted by third parties and that (2) only a small fraction employs SRI. Moreover, we find that more than 60% of the sites in our sample use fonts hosted by third parties, most of which are being served by Google. The second contribution of the paper is a proof of concept of a malicious font as well as a tool for automatically generating such a font, which targets security-conscious users who are used to verifying cryptographic fingerprints. Software vendors publish such fingerprints along with their software packages to allow users to verify their integrity. Due to incomplete SRI support for Web fonts, a third party could force a browser to load our malicious font. The font targets a particular cryptographic fingerprint and renders it as a desired different fingerprint. This allows attackers to fool users into believing that they download a genuine software package although they are actually downloading a maliciously modified version. Finally, we propose countermeasures that could be deployed to protect the integrity of Web fonts.
doi_str_mv 10.23919/SOFTCOM.2019.8903683
format conference_proceeding
identifier EISSN: 1847-358X
ispartof 2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), 2019, p.1-5
issn 1847-358X
language eng
recordid cdi_ieee_primary_8903683
source IEEE Xplore All Conference Series
subjects attack surface; fonts; integrity; web
title Dangers and Prevalence of Unprotected Web Fonts