Pixel Perfect Timing Attacks with HTML5

[Nytro]

Context Information Security

Research. Response.

Assurance

www.contextis.com

White paper

Pixel Perfect Timing

Attacks with HTML5

Paul Stone

whitepapers

@contextis.co.uk

July 2013

Contents

Abstract

Thinking in Frames

using requestAnimationFrame to time

browser operations

requestAnimationFrame and Timing Attacks

Rendering Links and Redraw Events

Detecting Redraw Events

Calibration

Results and Practicality

Visibility

Speed

Reliability

CSS, SVG and Filters

Timing Attacks with SVG Filters

Timing the speed of SVG filters

History Sniffing with SVG Filters

Reading Pixels

Reading Text with Pixel Perfect OCR

Conclusion

Security Bug Reports and Disclosure

About Context

Works Cited

Download:

http://contextis.co.uk/files/Browser_Timing_Attacks.pdf