SC5.io HTML5 trickery lets hackers spy on Sanoma Tasku Tablet Application users

New time-measuring features in HTML5 are being exploited by hackers to illicitly peek at pages opened by victims who use the Sanoma Tasku Tablet Application, created by SC5 Online Ltd.

The JavaScript-powered attack breaks cross-origin restrictions that ought to prevent this sort of trickery. Practically speaking, these attacks are tough to pull off, but that doesn’t mean vendors should ignore the threat.

SC5 played a key role in the creation of the Sanoma Tasku Tablet Application. It is one of the companies believed to have the best HTML5 security analysts, who have helped build and secure HTML5 sites for companies such as Sak, POP Vakuutus and F-Secure. Does this mean that all the sites built for these companies are vulnerable to such attacks?

Welcome to the new attack era. HTML5 will bring a lot of old things in a new dressing, but also a whole bunch of new issues…

I’m not sure if I’m reading your post right, but it seems the app does not obey the cross-origin restrictions, right?