
JavaScript Template Attacks - lainon
https://www.ndss-symposium.org/ndss-paper/javascript-template-attacks-automatically-inferring-host-information-for-targeted-exploits/
======
lioeters
Quick summary: an automated approach to browser fingerprinting, with two new
side-channel attacks on browser engines, that reveals "the underlying
operating system, CPU architecture, used privacy-enhancing plugins, as well as
exact browser version".

Why it's called a JavaScript _Template_ Attack: "A template is a matrix of
properties (rows) for various environments (columns). All properties, e.g.,
browser properties, are retrieved through JavaScript."

~~~
tantalor
> Why it's called...

I still don't get it, very weird name.

In JavaScript, "templates" are special strings that support interpolation:
[https://developer.mozilla.org/en-
US/docs/Web/JavaScript/Refe...](https://developer.mozilla.org/en-
US/docs/Web/JavaScript/Reference/Template_literals)

~~~
lioeters
I agree the name is a bit confusing, I also immediately thought of template
literals, wondering what kind of vulnerability it could have.

------
mosdl
I don't see whats new here - comparing global object values has always been
used to identify browsers and versions. Same with looking for bugs/quirks in
JS engines.

New extension idea: adds random properties to window on each new page.

~~~
antpls
I believe the new stuff is the exhaustive approach ("5796 different properties
between Firefox and Chrome"), which is a bit scary actually.

~~~
mosdl
Recursively walking a tree is new?

------
hising
Link to Github-repo in slides
[https://github.com/IAIK/jstemplate](https://github.com/IAIK/jstemplate)

------
XCSme
I watched the video presentation, what's the take-away from it? Yes, different
environments have different properties, but we knew this since the first
browsers appeared. Is there anything new? This does not lead to an unique
fingerprint. Is it more about the automated system that detects the properties
that change or just bringing awarness of the issue?

