Browser Cache: Goodies For Hackers

LAS VEGAS — Your browser’s cache may be helping hackers to help themselves to your information.

During a Black Hat conference discussion on the topic, Corey Benninger, a senior consultant at McAfee’s Foundstone division, described cached browser information as a ticket for instant hacker gratification.

The browser cache is intended as a usability feature that helps to expedite a user’s browsing experience. It stores page and other data so that when a user clicks the back button in a browser session, for example, the browser can reload the page from cache.

The cache may also store user-inputted data as part of an autocomplete scenario or as part of a form submission. That data could potentially include personally identifiable information such as credit card numbers and banking information.

When a hacker compromises a system looking for financial gain, typical attack vectors include leaving a trojan or a keylogger behind in hopes that users will eventually give up their information.

Cached browser information offers hackers instant gratification, according to Benninger, since the attacker can get a user’s credentials much faster than the trojan or keylogger approach.

Cached browser information comes in several forms. The simplest resides in a user’s history, which holds details of which sites were visited.

Parameters in the URL could potentially include session ids, usernames and account numbers. Form inputs represent another form of cached information that could include personal information.

In addition, the autocomplete function present in browsers uses the cached info to help users ‘autocomplete’ forms, which is intended to help improve usability.

Ripping all that cached information out of a browser isn’t all that hard to do. Benninger described an open source, GPL-licensed tool developed by Foundstone called dumpAutoComplete, which was included on the Black Hat conference tools CD. The tool will also convert Firefox browser users’ form history data into searchable XML.

Benninger noted simple measures that sites can use to help eliminate the risks associated with a browser cache. For one, site owners need to turn off AutoComplete tags within their forms for confidential information.

And, of course, an easy way for users to protect themselves is to always clear their browsers’ cache.
