Is Silverlight Secure?

Question

We have a need for an application that runs on an end user's machine and provides us with score results, and we need to results to be accurate (i.e. not tampered with). Currently, there is a debate between Flash and Silverlight, and it looks like Silverlight is going to be the winner.

Aside from the agurment that anything on an end users machine has to be ultimately considered comprimised, how hard is it to attack a SilverLight application? I know it depends on how the code is written etc., and my question really is how hard is it to attack the underlying platform. Are there any articles on how easy it is to do something like bootstrap a silverlight app and alter running code (or some other method)? I am thinking something like a buffer overflow attack to insert other executable code?

I've also heard that Flash application is pretty difficult to attack the memory and execute arbitrary code. Is this true?

Answer 1

Anything that runs on the users machine is open for modification. Its just a matter of effort from the user.

There are countless tutorials on how to "hack" flash games if you want to look for some examples.

Answer 2

Whatever mechanism you provide to communicate between the client and your server is potentially hackable. Even if you use SSL, a user can perform a man-in-the-middle attack (the security is handled by the browser, so if the user overrides the SSL Certificate, it will be allowed), to get access to your data protocol.

Answer 3

To be honest, I think both platforms are secure. To this day, I am not aware of Silverlight (1.0 or 2.0) ever having had any security vulnerabilities. That said, if there were any discovered in any platform, I'm sure that both would be addressed quickly.

One question for you, however. Why are you looking at storing anything on the client machine versus a hosted server? Silverlight 2.0 has a special "trimmed down" implementation of the .NET framework and to the best of my knowledge, all file system access has been removed for security reasons.

Answer 4

I think Silverlight is quite good in terms of sandboxing but it is quite new so it's unlikely that it has been explored in nearly as much depth as Flash from a security perspective.

As you're aware, you won't find a guaranteed secure platform at all on the client so the smart money is on making sure your data is passed between the two in a way that is very hard to compromise.

Answer 5

As an attacker in your specific scenario, I would first consider simply running a proxy that modified the content of the data being sent from the app back to your site. I would be trying that long before I worked on compromising the executable itself. Even with encryption, it would probably still be easier to extract the certificate/key from your app in order to proxy that also, rather than subverting the executable entirely.

Answer 6

I agree with foxxtrot that the communications between a Silverlight app and your server will be as secure as just about any other webservices architecture. That is your primary attack vector, as client-side malware is unlikely to cause a problem in the case of Silverlight, at least not as far as stealing the data.

You can encrypt the webservice calls, and possibly go as far as client certficates to prevent bogus posts to your webservice.

Answer 7

My understanding is that Silverlight is running on a version of the Common Language Runtime (CLR) called CoreCLR. Like any application running in the browser, the primary security scenario is preventing malicious code attacking other instances of the application, or applications/data on the user's computer.

This scenario that you describe is different from this, and I would say that there is little in the way of active measures to prevent your code from hijacked. A user with enough know how can easily edit the code at the assembly level.

You might attempt to mitigate these attacks by:

• Preventing access to sophisticated debugging tools (not possible unless you control the client machines).
• Generating obfuscated or random silverlight code for each individual user, or even per session. In theory this might prevent users from sharing a hack. If you can timeout the code, by making it stale after 30 mins you would make it more difficult.
• Reducing the amount of logic in your application, and provide it on the server side with web services.

It is just as easy for an expert attacker to attack applications running in the Flash VM as it is to attack Silverlight.

Answer 8

Hi Kevin,

Download this whitepaper on silverlight security. tells you all you need to know:

Security Guidance for Writing and Deploying Silverlight Applications.docx: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7cef15a8-8ae6-48eb-9621-ee35c2547773

if you can't open the docx just remove the 'x' and it will open in word 2003 ;-)

Asa