What’s the problem?
Service Workers (SWs) can be used by websites to send out Web Push Notifications (WPNs) to users even when the corresponding website is closed. As long as the browser runs in the background, these notifications can be delivered to users on their desktop and mobile devices.
This feature is extremely powerful and can be used by malicious actors to deliver spam, malicious content, or malicious ads to users.
But, how bad could it be?
This video shows how persistent and threatening these notifications can be.
Users implicitly trust notifications that they receive directly on their devices, and such notifications can easily persuade them to click a malicious link, inadvertently affecting their machines even further.
So, what did you do?
We propose a novel defense tool to detect and block websites that exploit SWs to deliver malicious notifications. Our approach is twofold:
1. We develop a mechanism to capture and parse events from the push notification lifecycle.
2. We introduce a prototype that employs a combination of supervised machine learning and threat intelligence analysis to identify and block malicious notifications.
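The sketch below is an added example, not the project's own code. It shows how captured lifecycle events could be parsed into one record per notification and checked against a threat intelligence blocklist. The log schema, the blocklist, and the function names are all hypothetical, and the sketch covers only the blocklist lookup, not the supervised classifier.

```javascript
// Constructed sample log: one JSON object per captured lifecycle event.
// The schema (type, scope, tag, title, url) is hypothetical, not the project's format.
const SAMPLE_LOG = [
  '{"type":"push","scope":"https://news.example/","tag":"n1"}',
  '{"type":"show","scope":"https://news.example/","tag":"n1","title":"Morning briefing"}',
  '{"type":"push","scope":"https://promo.example/","tag":"a7"}',
  '{"type":"show","scope":"https://promo.example/","tag":"a7","title":"Your device is at risk"}',
  '{"type":"notificationclick","scope":"https://promo.example/","tag":"a7"}',
  '{"type":"navigate","scope":"https://promo.example/","tag":"a7","url":"https://scan.badhost.example/fix?id=1"}',
  'not json: truncated line',
];
// Constructed stand-in for a threat intelligence feed of landing hosts.
const BLOCKLIST = new Set(['scan.badhost.example']);

// Group events into one record per notification, keyed by SW scope and tag.
function reconstructNotifications(lines) {
  const records = new Map();
  for (const line of lines) {
    let ev;
    try { ev = JSON.parse(line); } catch { continue; } // skip malformed lines
    if (!ev || !ev.scope || !ev.tag) continue;
    const key = `${ev.scope}|${ev.tag}`;
    const rec = records.get(key) ||
      { scope: ev.scope, tag: ev.tag, title: null, clicked: false, landingUrl: null };
    if (ev.type === 'show') rec.title = ev.title ?? null;
    if (ev.type === 'notificationclick') rec.clicked = true;
    if (ev.type === 'navigate') rec.landingUrl = ev.url ?? null;
    records.set(key, rec);
  }
  return [...records.values()];
}

// Mark a record blocked when its landing host is on the blocklist, and note
// whether the click left the service worker's own origin.
function assessNotifications(records, blocklist) {
  return records.map((rec) => {
    let host = null, crossOrigin = false;
    if (rec.landingUrl) {
      try {
        const u = new URL(rec.landingUrl);
        host = u.hostname;
        crossOrigin = u.origin !== new URL(rec.scope).origin;
      } catch { /* unparsable URL: host stays null */ }
    }
    return { ...rec, host, crossOrigin, blocked: host !== null && blocklist.has(host) };
  });
}
const results = assessNotifications(reconstructNotifications(SAMPLE_LOG), BLOCKLIST);
console.log(results.filter((r) => r.blocked).map((r) => `${r.scope} -> ${r.host}`));
```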