The Risks of WebGL: Analysis, Evaluation and Detection

Belkin, Alex; Gelernter, Nethanel; Cidon, Israel

doi:10.1007/978-3-030-29962-0_26

Cited by 3 publications

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

The Risks of WebGL: Analysis, Evaluation and Detection

Belkin

Gelernter

Cidon

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

WebGL is a browser feature that enables JavaScript-based control of the graphics processing unit (GPU) to render interactive 3D and 2D graphics, without the use of plug-ins. Exploiting WebGL for attacks will affect billions of users since browsers serve as the main interaction mechanism with the world wide web. This paper explores the potential threats derived from the recent move by browsers from WebGL 1.0 to the more powerful WebGL 2.0. We focus on two possible abuses of this feature: distributed password cracking and distributed cryptocurrency mining. Our evaluation of the attacks also includes the practical aspects of successful attacks, such as stealthiness and user-experience. Considering the danger of WebGL abuse, as observed in the experiments, we designed and evaluated a proactive defense. We implemented a Chrome extension that proved itself effective in detecting and blocking WebGL. We demonstrate in our experiments the major improvements of WebGL 2.0 over WebGL 1.0 both in performance and in convenience. Furthermore, our results show that it is possible to use WebGL 2.0 in distributed attacks under real-world conditions. Although WebGL 2.0 shows similar hash rates as CPU-based techniques, WebGL 2.0 proved to be significantly harder to detect and has a lesser effect on user experience.

show abstract