|M.Sc Student||Belkin Alex|
|Subject||The Risks of WebGL: Analysis, Evaluation and Detection|
|Department||Department of Electrical and Computer Engineering||Supervisors||PROFESSOR EMERITUS Israel Cidon|
|DR. Nethanel Gelernter|
|Full Thesis text|
This paper explores the potential threats derived from the recent move by browsers from WebGL 1.0 to the more powerful WebGL 2.0.
We focus on two possible abuses of this feature: distributed password cracking and distributed cryptocurrency mining.
Our evaluation of the attacks also includes the practical aspects of successful attacks, such as stealthiness and user-experience.
Considering the danger of WebGL abuse, as observed in the experiments, we designed and evaluated a proactive defense. We implemented a Chrome extension that proved itself effective in detecting and blocking WebGL.
We demonstrate in our experiments the major improvements of WebGL 2.0 over WebGL 1.0 both in performance and in convenience.
Furthermore, our results show that it is possible to use WebGL 2.0 in distributed attacks under real-world conditions.
Although WebGL 2.0 shows similar hash rates as CPU-based techniques, WebGL 2.0 proved to be significantly harder to detect and has a lesser effect on user experience.