In a Progressive Web App (PWA), a kind of application software of the web, a service worker (SW) plays a key role as a one of the fundamental components to enhance the user's browsing experiences. For this purpose, the SW supports several features such as push notification, offline access, background code execution, etc. Since the SW provides prolific capabilities, it has been the main target to abuse by malicious attackers to deliver diverse attacks through the web applications such as crypto-currency mining, history sniffing, phishing. In this paper, we introduce the SW's functionalities and vulnerabilities, and discuss the existing attack methodologies and their implications.
|Title of host publication||ICTC 2022 - 13th International Conference on Information and Communication Technology Convergence|
|Subtitle of host publication||Accelerating Digital Transformation with ICT Innovation|
|Publisher||IEEE Computer Society|
|Number of pages||3|
|Publication status||Published - 2022|
|Event||13th International Conference on Information and Communication Technology Convergence, ICTC 2022 - Jeju Island, Korea, Republic of|
Duration: 2022 Oct 19 → 2022 Oct 21
|Name||International Conference on ICT Convergence|
|Conference||13th International Conference on Information and Communication Technology Convergence, ICTC 2022|
|Country/Territory||Korea, Republic of|
|Period||22/10/19 → 22/10/21|
Bibliographical noteFunding Information:
This work was supported by IITP grant funded by the MSIT, Korea(No.2019-0-00533, No.2022-0-00411, IITP-2022-2021-0-01810) and Basic Science Research Program through the National Research Foundation funded by the Ministry of Education, Korea(NRF-2021R1A6A1A13044830).
© 2022 IEEE.
- history sniffing
- Progressive Web App (PWA)
- Service worker
- web push
ASJC Scopus subject areas
- Information Systems
- Computer Networks and Communications