Attack Vector: App Updates?


#1

As I’m making apps, I keep testing through SAFE each time (since I can’t get the dang polyfill to work for the life of me @happybeing @joshuef), but I’ve noticed that if I authorize my web app, then I can make updates to it which go into effect upon refreshing the page, without having to authorize again.

An obvious attack is making an app that is just fine, then getting lots of users, and then adding a secret update that steals everyone’s safecoins automatically.

I hope that there will be some type of regular app hash check or something that notifies users that an update to the app has been made, and gives them the chance to accept or deny it.

Although maybe the team is already fixing this with the new authenticator paradigm coming out soon.


#2

Every update needs to be treated as completely new code, there’s no question about that.

With that out of the way, I still think the whole authorization thing (together with a lot of other things on the network; we’ll need it!) will have to be supported by a generic “web of trust” kind of system, where people can pick trusted parties to whom they can delegate these checks:

If both TesterJoe and JimmyTheNerdest say this app (with hash fff420) really is SafeWallet 2.17.1, and they think it’s okay to give it access to my wallet, then I trust it is so.

This is both less bothersome and more secure than if I was always asked, and then had to do my own little investigation (which, let’s face it, most of us would not do after the first few times.)
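
The two proposals in this thread so far (re-check the app hash on every update, and let chosen reviewers vouch for a specific hash) combined in an added sketch; it is not part of any post and is not SAFE's authenticator code. The `Authenticator` class, its method names and the attestation record layout are hypothetical, the sample bundles and records are constructed, and attestations are assumed to have had their signatures verified already.

```python
import hashlib

def app_hash(bundle: bytes) -> str:
    """Content hash of the exact bytes the user would run."""
    return hashlib.sha256(bundle).hexdigest()

class Authenticator:
    """Hypothetical: a grant is bound to a content hash, never to an app name."""
    def __init__(self, trusted_reviewers, threshold):
        self.trusted = set(trusted_reviewers)
        self.threshold = threshold
        self.grants = {}  # app name -> hash that was authorized

    def vouchers(self, name, digest, attestations):
        """Trusted reviewers who approved this exact (name, hash) pair."""
        return {a["reviewer"] for a in attestations
                if a["reviewer"] in self.trusted and a["ok"]
                and a["app"] == name and a["hash"] == digest}

    def check(self, name, bundle, attestations):
        digest = app_hash(bundle)
        if self.grants.get(name) == digest:
            return "allow"  # same bytes as authorized before
        # New or updated code: the earlier grant does not carry over.
        if len(self.vouchers(name, digest, attestations)) >= self.threshold:
            self.grants[name] = digest
            return "allow-vouched"
        return "ask-user"  # notify the user, who accepts or denies

# Constructed sample data: a reviewed release and a silent update to it.
V1 = b"SafeWallet 2.17.1 bundle"
V2 = b"SafeWallet 2.17.1 bundle + unreviewed change"
ATTESTATIONS = [
    {"reviewer": "TesterJoe", "app": "SafeWallet", "hash": app_hash(V1), "ok": True},
    {"reviewer": "JimmyTheNerdest", "app": "SafeWallet", "hash": app_hash(V1), "ok": True},
    # An approval from someone the user never chose to trust does not count.
    {"reviewer": "Stranger", "app": "SafeWallet", "hash": app_hash(V2), "ok": True},
]

def demo():
    auth = Authenticator({"TesterJoe", "JimmyTheNerdest"}, threshold=2)
    return [auth.check("SafeWallet", V1, ATTESTATIONS),   # vouched by both
            auth.check("SafeWallet", V1, ATTESTATIONS),   # unchanged on reload
            auth.check("SafeWallet", V2, ATTESTATIONS)]   # updated bytes

if __name__ == "__main__":
    print(demo())
```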


#3

Definitely agree, and hope that is one of the many harmoniously coexisting options that the free people of SAFE are allowed to choose from in the future :smiley:


#4

Safe is the ultimate phishing and malware distribution platform for the same reasons that make it the ultimate privacy and content distribution platform. We’ll need to come up with ways to mitigate the nasty side of this equation, and that goes beyond just app installs or updates.

Trust is a social concept, so it can’t be solved (only helped) by means of technology; we’ll need to utilize relationships between actual humans. We won’t be able to live without one or more generic frameworks that express and work with trust between people, but probably also with “trust in trust” (“I trust that whom you trust is trustworthy.”)


#5

I’m curious how @Seneca’s work might come in at this interface. I know that he was building out those exact tools of WoT as part of the Decorum project.

What say, Harmen?