w3c / at-driver

AT Driver defines a protocol for introspection and remote control of assistive technology software, using a bidirectional communication channel.
https://w3c.github.io/at-driver

Security considerations #11

Open zcorpan opened 2 years ago

zcorpan commented 2 years ago

From the ARIA-AT automation meeting on March 14, 2022: w3c/aria-at-automation#17 (minutes)

Allowing automation of screen readers is not without security concerns, as it can effectively allow universal XSS in the browser, or even allow any input in the OS and access to things that apps normally don't have access to (e.g. the login screen).

In CI, there are also security risks, but different to a local setup. Some CI systems today disable macOS SIP (System Integrity Protection), which makes it possible to programmatically turn on VoiceOver.

Ideas:

cc @cookiecrook @mcking65 @s3ththompson

zcorpan commented 1 year ago

Don't allow HID-level input to be simulated

This would allow privilege escalation since screen readers usually have more privilege than other apps (e.g. browsers).