Trigger-Action Platforms (TAPs) seamlessly connect a wide variety of otherwise unconnected devices and services, ranging from IoT devices to cloud services and social networks. TAPs raise critical security and privacy concerns because a TAP is effectively a “person-in-the-middle” between trigger and action services. Third-party code, routinely deployed as “apps” on TAPs, further exacerbates these concerns. This paper focuses on JavaScript-driven TAPs. We show that the popular IFTTT and Zapier platforms and an open-source alternative Node-RED are susceptible to attacks ranging from exfiltrating data from unsuspecting users to taking over the entire platform. We report on the changes by the platforms in response to our findings and present an...
JavaScript is a popular programming language widely used on both the browser and the server sides. R...
JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web a...
In today s web applications, no one disputes the important role of JavaScript asa client-side progra...
Modular programming is a key concept in software development where the program consists of code modu...
IoT apps empower users by connecting a variety of otherwise unconnected services. These apps (or app...
Trigger-action platforms (TAPs) allow users to connect independent web-based or IoT services to achi...
The number of internet-connected devices and online services is increasing in the everyday lives of ...
Significant fractions of our lives are spent digitally, connected to and dependent on Internet-based...
The large majority of websites nowadays embeds third-party JavaScript into their pages, coming from ...
Trigger-action programming (TAP) is a popular end-user programming framework that can simplify the I...
In todays web applications, no one disputes the important role of JavaScript asa client-side progra...
Web applications are the most important gateway to the Internet. Billions of users are relying on th...
IoT apps are becoming increasingly popular as they allow users to manage their digital lives by conn...
Conforming to W3C specifications, mobile web browsers allow JavaScript code in a web page to access ...
Building secure web applications is notoriously difficult. The growing importance of JavaScript as a...
JavaScript is a popular programming language widely used on both the browser and the server sides. R...
JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web a...
In today s web applications, no one disputes the important role of JavaScript asa client-side progra...
Modular programming is a key concept in software development where the program consists of code modu...
IoT apps empower users by connecting a variety of otherwise unconnected services. These apps (or app...
Trigger-action platforms (TAPs) allow users to connect independent web-based or IoT services to achi...
The number of internet-connected devices and online services is increasing in the everyday lives of ...
Significant fractions of our lives are spent digitally, connected to and dependent on Internet-based...
The large majority of websites nowadays embeds third-party JavaScript into their pages, coming from ...
Trigger-action programming (TAP) is a popular end-user programming framework that can simplify the I...
In todays web applications, no one disputes the important role of JavaScript asa client-side progra...
Web applications are the most important gateway to the Internet. Billions of users are relying on th...
IoT apps are becoming increasingly popular as they allow users to manage their digital lives by conn...
Conforming to W3C specifications, mobile web browsers allow JavaScript code in a web page to access ...
Building secure web applications is notoriously difficult. The growing importance of JavaScript as a...
JavaScript is a popular programming language widely used on both the browser and the server sides. R...
JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web a...
In today s web applications, no one disputes the important role of JavaScript asa client-side progra...