When syncing sinks your browser
by Rob Rachwald - Imperva - Thursday, 31 May 2012.
Allowing everyone that know your password to change the way your browser works: We believe that the last point really changes things for browser security and creates some new attack opportunities for hackers. It provides the hacker with a simple way to leap from the victim's home environment (usually very insecure) to work environment (usually secured updated AV and other end point solutions).

Consider the following scenario: The user is signed in to chrome on both work and home computer (So he would be able to "remember if it was two teaspoons of baking soda or two teaspoons of baking powder "). The home computer gets infected by a malware. Now all of the work synced data (such as work related passwords) is owned by the malware.

But it gets worse. The malware can take over the work computer environment. There are two ways:

Possible exploitation #1: The malware installs a rogue extension to the chrome browser on the home computer (rogue extensions were successfully uploaded to the web store). The extension gets synced automatically to his work computer and can now do whatever with his work browsing data. For example it can send every page you visit to the hackers website.

Possible exploitation #2: The malware changes the home page or some bookmark to point to a malware infection site on the home computer. Settings are synced to your work environment. When you open your browser at work you get infected with some 0-day drive-by download. To avoid detection the page can display the original page after the infection has occurred.

Even if the malware gets disinfected on work computer, the malware is able to infect over and over again as the root cause of the infection (=The home computer) is outside of the reach of the IT department.

We name this kind of threats BYOB for "Bring Your Own Browser". While BYOD creates challenges of mixing work data and personal end points, BYOB does exactly the same but it's more elusive as there's no physical device involved.

Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //