Potential Threats from HTML5

Under active development, HTML5 is the future of the internet language. HTML5 offers a lot more power than its predecessor HTML4. For example, it is removing the use of Java, Flash plugins and allows multimedia content to be embedded easily. Its power also makes it attractive to cybercriminals to exploit any weakness in the language and browsers which support HTML5.

As HTML5 allows more data to be stored in cookies, these cookies can potentially be used to track users’ behaviour the internet. It is possible to write code that tricks users to click on a certain link and, without users’ knowledge, send information stored in the cookie to the cybercriminal. This technique is known as clickjacking.

HTML5 also allows the use of GPS information such as when used on a smartphone. If the mobile phone browser is given permission to use the GPS information, it can potentially give out such information when visiting some HTML5 websites. This can be undesirable as the user may not want to share this information with every site it visits. We can see that further privacy protection mechanisms are needed for browsers.

While HTML5 can cause some new potential threats, it can also reduce threats from other sources. For example, by removing the need of some external plugins e.g. Flash players, any loophole in Flash players will hence not be available to cybercriminals in the future.

HTML5 is still under development at the time of writing. As the developers of the language and browsers become aware of these potential threats, we hope they will be steps ahead of the cybercriminals and implement protection to the general users. For further information, you may visit this report from BBC News: http://www.bbc.co.uk/news/technology-16005053

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>