You walk into a coffee shop, order something from the menu, and sit down with your laptop. You connect to the public Wi-Fi and begin browsing. Somewhere within the ambient chatter is a threat actor. You don’t know they are there, but they see your newly connected device.
They’re running a fake access point in the form of a Wi-Fi Pineapple attack. The wireless access point appears completely legitimate. Nothing seems amiss. However, your web traffic is secretly being routed through the attacker’s computer. As the man-in-the-middle (MITM) attack commences, they intercept your credentials.
They know which web browser you’re using, and that’s key to the goal of the attack they’re carrying out because they aren’t after just anything. Rather, they are focusing on penetrating one critical point: your browser account. But why?
Your browser account exists as a central hub. It offers easy access to everything you do, use, and view within your browser environment. From an attacker's point of view, compromising just one of your accounts wouldn't be very ambitious. Why break into one when they could compromise them all with one swift blow?
Hijacking the Nuclei of Connectivity
Web browsers are almost like wallets in every sense. If you sign in to your web browser account, you can access synced browser plug-ins, add-ons, passwords, cookie cache, bookmarks, and search history.
What’s more, this personal user content can be accessed between devices. Browsers contain every bit of personal information, and information is gold, not only to advertisers but to threat actors, who can access far more information than the data collected by trackers.
If you’ve forgotten your login to a particular website, your browser’s password manager stores the credentials, which means you can access the password manager and view all the passwords you have saved, and which sites you used them on.
Firefox, for example, encrypts and stores cached browser passwords locally on the device. At the same time, the browser account lets you sync all your data across devices. Passwords. Search history. Configurations, the works. Talk about keeping all your cookies in one jar.
That’s pretty convenient. You can access this browser and all the data on any device at any time. But like most things that offer convenience, you must wonder, is this secure?
What would happen if someone was able to obtain access to your browser account? After all, having access to your personal browser on multiple devices only increases the possible attack surface, and with it the risk of your personal information falling into the wrong hands.
Think about it. If your browser were ever to become compromised, everything it contains would be theirs. Essentially, once the browser account is compromised, they could log in to your accounts just as you do. Point. Click. Enter.
With that in mind, what does your web browser say about you? Let’s dive deeper.
Hacker’s Wisdom
Hackers are at the forefront of cybersecurity incidents and the latest trends. Oftentimes, they’re responsible for creating them. But that’s not always the case. There is much to be learned from what they know, and from their experiences.
Not all hackers harbor the same motives. Some are here to offer advice and to help protect, as well as shape, a society against the rise of online threats. After all, unbeknownst to most people, vulnerabilities often exist right under our noses.
“Once an attacker is visiting a website you have an account with, and the password cookie is shaded, all they have to do is reveal the password,” says Valery, who also goes by the alias DeepNet.
Valery, a.k.a. DeepNet, is a young technology enthusiast, hacker, bug bounty hunter, and researcher, who is driven by her thirst for knowledge.
Once the browser account has been compromised, visiting any website the victim has an account with not only presents a chance to assume control over the account, but also unmasks the passwords the victim used to log in. Since most people reuse passwords across different sites, the possibilities of an all-out hostile takeover are theoretically endless.
“A threat actor could uncover a whole trove of information if he had gained access to your web browser information. Any saved login account passwords, stored cookies, browser settings, etc.,” she adds.
DeepNet emphasized how broad the scope of the attack could be: it includes not only email accounts, which are often used for 2-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), but also crypto wallet information, saved credit card numbers, and all the details that comprise an individual’s personal identifiers.
“Whatever you have saved onto your browser, for ease of access and convenience, can be extracted,” she says.
One effective way threat actors can gain access to your information is through malware. DeepNet further explains:
“You can become infected from pop-up advertisements that redirect you to an insecure site. RedLine is a popular info-stealing malware that collects credentials. This targets Chrome, Opera, and Microsoft Edge, but there is other malware being shared and distributed that targets other types of browsers, as well.”
Let’s put this into perspective. Malware of this kind is like an all-purpose Swiss Army knife. Because of the proliferation of malware, which exponentially increases annually, DeepNet insists that users always use antivirus apps. This includes their mobile devices.
“[D]on't click unknown or suspicious links, use an ad blocker, and don't store personal information on your browser. If you want to save your passwords, I suggest using an encrypted password manager,” she says.
In addition to maintaining mindfulness of healthy browser habits along with encrypted password storage, she adds, “one great tool I use on my browser is an extension called 'HTTPS Everywhere.' It ensures that any site I go to is using a secure HTTP protocol connection, if available. A bit of preventative security can go a long way.”
Browsers give users a lot of freedom when it comes to customizable preferences. For example, browsers often prompt users if they would like to save the password they just entered. This is a prime moment for a security checkpoint. Instead of choosing to save the login, this is where the encrypted password manager comes into play.
Some password managers work on a subscription basis, while others exist as a cloud service. Still others can be downloaded and launched as desktop apps. Regardless of the flavor, making use of 2FA provides a much-needed extra layer of protection against your password manager becoming compromised.
This isn’t a cure-all. If your device ever becomes infected with malware, then the attacker will be able to capture all the keystrokes you enter into it, including the credentials you use to unlock the password manager. This is why it’s critical to maintain your device’s virus definitions, so it can stay up to date on the latest malware file signatures.
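To check a Firefox profile against the habits described above (declining the save-password prompt, keeping card data out of the browser, enforcing HTTPS, and knowing what the browser account syncs), the following added example, which is not part of the original article, audits the text of a profile's prefs.js file. The preference names are real Firefox settings, but the default values and the sample profile are assumptions constructed for illustration.

```python
import re

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# pref name -> (assumed stock-Firefox default, value that weakens the profile, finding)
CHECKS = {
    "signon.rememberSignons": (True, True, "browser offers to save logins"),
    "extensions.formautofill.creditCards.enabled": (True, True, "card numbers can be saved for autofill"),
    "dom.security.https_only_mode": (False, False, "HTTPS-Only Mode is off"),
    "services.sync.engine.passwords": (True, True, "saved logins are included in account sync"),
}

# Constructed sample prefs.js content (not from a real profile).
SAMPLE = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("dom.security.https_only_mode", true);
user_pref("services.sync.username", "user@example.org");
user_pref("signon.rememberSignons", false);
"""

def parse_prefs(text):
    """Parse lines of the form user_pref("name", value); into a dict."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything unexpected
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw  # numbers and anything else kept as text
    return prefs

def audit(text):
    """Return (pref, finding) pairs for settings left in a weaker state."""
    prefs = parse_prefs(text)
    signed_in = bool(prefs.get("services.sync.username"))
    findings = []
    for name, (default, risky, message) in CHECKS.items():
        if name.startswith("services.sync.") and not signed_in:
            continue  # sync settings only matter when a browser account is connected
        if prefs.get(name, default) == risky:  # unset prefs fall back to the default
            findings.append((name, message))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{name}: {msg}" for name, msg in audit(SAMPLE)))
```

A preference that is absent from prefs.js is treated as being at its default, which is why the sample profile is still flagged for card autofill and password sync even though neither line appears in it.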
Your device is your castle. But having a castle is useless unless it’s properly defended.
An article by Jesse McGraw
Edited by Anne Caminer