Summary:
Thank you for designing the Frame Desktop Application and making it open source and available. The application does a great job of using secure preferences when the user navigates to arbitrary websites. We list pointers of concern below that can help make the application more secure.
[IPC Messages]: Since the application uses custom IPC and integrates with multiple Dapps, it will be helpful to verify the sender of each event of IPC messages before handling and responding to them in IPC Main. [Link]
[Encrypting Cookies]: The application stores sensitive cookies on the filesystem. It will be helpful to use a fuse to encrypt cookies. [Link]
Thank you!
Platform(s) Affected:
Windows, Linux, MacOS
–
Mir Masood Ali, PhD student, University of Illinois at Chicago
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago
Chris Kanich, Associate Professor, University of Illinois at Chicago
Jason Polakis, Associate Professor, University of Illinois at Chicago
Summary: Thank you for designing the Frame Desktop Application and making it open source and available. The application does a great job of using secure preferences when the user navigates to arbitrary websites. We list pointers of concern below that can help make the application more secure.
Thank you!
Platform(s) Affected: Windows, Linux, MacOS
– Mir Masood Ali, PhD student, University of Illinois at Chicago Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago Chris Kanich, Associate Professor, University of Illinois at Chicago Jason Polakis, Associate Professor, University of Illinois at Chicago