Breaking News

Bookmark Syncing is the New Tool for Sneaking in Cyber Attack Tools

Aratrika
Article Updated: August 4, 2022
Comments Off on Bookmark Syncing is the New Tool for Sneaking in Cyber Attack Tools
Cyber attack

Cyber attack

Browser synchronization increases the risk of cyber attack, thus a cybersecurity threat!

Modern browsers include synchronization features (like Google Chrome’s Sync) so that all your browsers, on all your devices, share the same tabs, passwords, plugins, and other features. While this is undoubtedly convenient, particularly when you’re migrating to a new device, synchronizing browsers also comes with some risks. So, can bookmark syncing be a new cyber attack tool for hackers? Let’s find out.

Synchronized data can include browser history, bookmarks, passwords, cookies, and other information that users consider private and typically have no intention of sharing with anyone else. Password, cookie, and payment card secrecy are also important for security. Browser synchronization increases the risk of inadvertently sharing that information with other users of the computers you sync between. It’s important to consider whether you are truly the only user of a system that is set to synchronize. Imagine what can happen if your kids are playing with your home laptop and it synchronizes to your work system.

On that note, Bookmark synchronization has become a standard feature in modern browsers: It gives Internet users a way to ensure that the changes they make to bookmarks on a single device take effect simultaneously across all their devices. However, it turns out that this same helpful browser functionality also gives cybercriminals a handy attack path.

Security threats can also be copied from one device to another, in the form of malicious extensions (also called plugins or add-ons), and open tabs. Malware in the form of browser extensions is relatively rare, but it does happen. There are infected JavaScript-based extensions with malicious code that made it possible to introduce malware to an affected system.

Google regularly has to clear out bad extensions from its Chrome Web Store. While many of those extensions would fall into the categories of Potentially Unwanted Programs (PUPs) or adware, they can still cause problems and many would be frowned upon if you introduced them into your work environment by synchronizing from your home browser.

Malicious browser extensions are a known and widespread threat, used by attackers to perform actions such as stealing passwords, exfiltrating email data, or delivering additional malware. Some attackers have also recently managed to exploit Chrome’s syncing feature and use an extension to connect their computer directly to a targeted workstation, creating a covert channel for remote data manipulation, but also (conceivably) for data exfiltration and C&C communication.

But the use of browser extensions can be restricted in enterprise environments, blocking that particular access path, so SANS Technology Institute student David Prefer decided to investigate whether bookmarks could be exploited similarly. He discovered that they can, and he created a basic PoC PowerShell script to make the data exfiltration process via synced bookmarks easy.

Significantly, bookmark syncing is not the only browser function that can be abused this way, Prefer says. “There are plenty of other browser features that are used in synchronization that could be misused similarly, but would require research to investigate,” he says. As examples, he points to autofills, extensions, browser history, stored passwords, preferences, and themes, which can all be synchronized. “With a bit of research, it might turn out that they can also be abused,” Prefer says.

Post navigation

Posted in:

More Articles

By the same author

AI

Next Time a Cookie Pops Up on Your Computer, Hire These Killer AI Armies

Aratrika
Apr 19, 2022

After years of suffering from cookie pop-ups, a new AI tool has finally offered hope of an escape …

Yuga Labs’ New NFT “The Otherside” Is Hyped Even Before Its Launch

Aratrika
May 4, 2022

Yuga Labs with its new NFT “The Otherside” became the new undisputed leader of the NFT micro sector…

Telemedicine Companies

Top 10 Telemedicine Companies for You to Watch Out in 2022

Aratrika
Feb 17, 2022

Here is the list of the top 10 telemedicine companies that are streamlining medical treatment around…

Adopting AI

Four Aspects Companies Must Emphasis on Before Adopting AI

Aratrika
Aug 3, 2021

Artificial intelligence and machine learning have become the most important part of our daily lives.…

Rajinification of Programming Language! Superstar Vibe Check

Rajinification of Programming Language! Superstar Vibe Check

Aratrika
May 26, 2022

Let’s know about the rajini++ programming language is based on the dialogues of Thalaiva Introducing…

AI solutions

Importance of Strong Business Objectives Before Enforcing AI Solutions

Aratrika
Aug 12, 2021

The use of Artificial Intelligence in the tech industry is growing at a fast rate. One can barely look…

Bill Gates

Don’t Buy Just Because Someone Said So: Bill Gates Denies Crypto’s Social Value

Aratrika
May 24, 2022

Let’s explore what the legendary founder of Microsoft- Bill Gates has to say about the value of Crypto…

AI

Coders are Furious About Github’s AI Assistant: Are they Overreacting?

Aratrika
Jul 7, 2022

Based on the Codex, this AI Assistant is the next step in a long line of “intelligent auto-completion”…

NTT Ltd. launches new hyperscale data center park in Navi Mumbai

NTT Ltd. launches new hyperscale data center park in Navi Mumbai

Aratrika
May 27, 2022

NTT launches its second hyperscale data center campus in India Consolidates its position as the market…

Related Articles

From the same category

Reendex

Must see news

Could Decentralization be Effective in Closing Cybersecurity Skills Gap?

22 May 2020 12.00 pm

The continuously growing cyber attacks across…

Continue reading

How India is Preparing for Cybersecurity

26 Nov 2019 12.22 pm

Cybersecurity landscape in India is rapidly…

Continue reading
CyberSecurity Data privacy 5G IoT Cloud

10 Cybersecurity and Data Privacy Predictions for the 21st Century

05 Aug 2020 11.54 am

Consider cybersecurity and data privacy…

Continue reading