02/03/2019 / By Edsel Cook
Computer hackers are always looking for ways to get their hands on your Internet browsing history. A Science Daily article reported on four new methods through which a hacker could sniff out what website you last went to.
The “history sniffing” style of hacking is not a new concept. However, the new techniques are much faster and far more effective than their predecessors.
Cyber security experts from the University of California San Diego (UC San Diego) and Stanford University (Stanford) warn that hackers can now recognize your online activity in just a few seconds. The new history sniffing methods are also able to bypass the security measures of the latest web browsers.
All four techniques worked on Google Chrome. Furthermore, two methods were able to beat many other kinds of web browsers. The list of compromised programs included Mozilla Firefox, Microsoft’s Internet Explorer and Edge, and the Brave browser.
The Tor browser was the only browser that defeated history sniffing hacking attacks. It was the only one that did not record a user’s browsing history to begin with. (Related: U.S. cybersecurity experts scrambling to thwart major attacks on power, water, gas infrastructure by “bolting on” fixes to old vulnerable systems.)
The new attacks are based on “phishing.” A cyber criminal will trick an Internet user to reveal login information. The hacker proceeds to scan the history of the compromised browser.
A hacker can do a lot of damage with the browsing history. He can blackmail a user by threatening to reveal information about embarrassing or illegal websites that the latter visited. Or he could redirect a user to a fake version of a legitimate website.
The practice of history sniffing is not just limited to hackers. During the 2010s, many internet marketing companies offered “analytics tools” that did much the same thing.
The joint UC San Diego-Stanford research team demonstrated the newest ways to conduct history sniffing attacks. Their JavaScript codes trick a web browser into changing its behavior whenever the latter program visits a website.
The techniques took advantage of the customization features that let a user change the appearance of the browser. The biggest vulnerability was the new CSS Paint API feature of Google Chrome that caused so much trouble in 2017.
The researchers warned that every brand new browser and added feature made the act of browsing the Internet much more unsafe.
The proposed solution is harsh but supposedly necessary. Browsers should strictly regulate how they use the browsing histories of their users when they are bringing up web pages from various locations.
For example, most browsers use blue as the font color of a link that leads to a website. If a user clicks on this link, the browser will change the font color to purple.
This feature reminds the user that he has already visited that website. It also tells a history sniffing hacker that his victim goes to that website.
The researchers demonstrated how a browser can prevent this from happening. In their model, opening a link in a website will not change the color of the links found in a different site. They also added an option that lets a user exempt a specific website from such strict security measures.
The UC San Diego-Stanford researchers are improving their model in the hope that browser companies will take note of their suggestions. They are also trying to find the right balance between ensuring the security of the user and actually getting use out of the Internet.
Read Computing.news for more stories about modern computing.
Sources include:
Spinda.net [PDF]
Tagged Under: browser, browser security, computer hackers, computing, cyber criminals, cyber hacking, cyber security, cyber war, cyberhacking, Glitch, hackers, hacking, Internet Security, phishing