News
Next Seminar on 29.03.2023
Written on 25.03.2023 10:43 by Niklas Medinger
Dear All,
The next seminar(s) take place on 29.03.2023 at 14:00 (Session A).
Session A: (14:00-14:30)
Assiri Nassirou Karim
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting ID: 967 8620 5841
Passcode: BT!u5=
Session A:
14:00 - 14:30
Speaker: Assiri Nassirou Karim
Type of talk: Bachelor intro
Advisors: Dr. Cristian-Alexander Staicu & Dr. Dolière Francis Somé
Title: A study of the security and privacy implications of the use of third-party web push notifications services
Research Area: RA5
Abstract:
Over the past few years, web applications have increasingly integrated service workers (SWs) to
enhance their users' experience. This feature is a fundamental part of a progressive web app (PWA) and
provides several benefits, including acting as a proxy for network requests, allowing offline caching,
and enabling web push notifications (WPNs). To take advantage of these features, websites may
delegate the task of WPNs to third-party services (TBS) such as OneSignal. However, researchers have
recently discovered that SWs can be exploited in several ways, including for phishing or social
engineering attacks using WPNs. Moreover, as online advertising has expanded, WPNs have emerged
as a viable method for delivering online ads, which can also be exploited by attackers to deliver
malicious ads. The main focus of this work will be on web push notifications (WPNs). Our primary
objective is to comprehend how WPNs operate by creating our push notification service. The study
aims to identify the TBS used by a large number of websites and analyze the notifications they send to
users. The research is motivated by the potential privacy and security implications of WPNs, as they
can be used to track users and expose them to malicious content. To achieve this goal, the research
design includes a web crawling process to collect data on the TBS used on the websites, followed by an
algorithmic analysis of the notifications sent by these TBS. What sets our work apart from previous
studies is our investigation into the process and timing of TBS subscribing users to notifications.