Did you know that web browsers such as Chrome, Edge, Firefox, Safari, and Internet Explorer save a lot of personal information that a cyber-attacker could use as research to build a web dossier about you, your likes, and your habits? A personal dossier that could be used for a deeper attack?
Other information stored by your browser can include the public IP address assigned to your Internet router, your first and last name, street address, city, state and zip code, business, home and cell phone numbers, and email addresses.
Anyone with physical access to your computer has access to this information. However, a remote attacker could gain access through the use of a remote access Trojan horse program. This works similarly to legitimate remote control applications such as TeamViewer. This type of exploit is usually delivered via an infected email attachment. It could also be downloaded and installed silently from an infected web page.
There are legitimate tools, such as the free NirSoft tool WebBrowserPassView, that dump saved passwords from Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera. While designed to help users recover their own passwords, such a tool can also be used by an attacker. Other types of malware can be used to recover this information, including the Cerber, Kriptovor, and CryptXXX ransomware families.
What sort of information does your browser save?
- Recently visited web sites. Also called browser history, this information includes the web address or URL, pages you visited, and the day and time. An attacker would be able to see the sites you visit frequently, such as online banking, shopping, or social media sites. Clearing the browser cache is a good way to limit access to this information. Browsing using “incognito mode” can also reduce the amount of information that is stored.
- Cookies. These small pieces of information are often used to personalize your browser experience. This includes the public IP address that is assigned to your Internet router, and location information such as city, state and zip code. When the website recognizes you or greets you by name, a cookie did that. Cookies are also used for authentication whenever you check the “Remember Me” or “Keep Me Logged In” boxes on login pages. Cookies are often used by advertisers to set ads based on your previous search history or web site views. For example, I recently looked for box racks for my truck, and now every site I go to shows an ad for truck racks. You can go into the settings for your browser and disable cookies, but some sites won’t work without them. Incognito mode helps here too, as does deleting stored cookies.
- Saved credentials. Yikes! Do you let your browser save your passwords? The cache of saved user IDs and passwords is a major find for an attacker. Someone who has physical or remote access can use these stored credentials to log into every account you saved. Never allow the browser to store your passwords; use a password manager such as LastPass instead.
- Autofill information. This is the information that your browser automatically adds to any web forms that you encounter on a web page. This can include first and last name, street address, city, state and zip code. Included in this trove are business, home and cell phone numbers, and email addresses. Turn off this feature. While it may be a time saver, it can provide a lot of personal information to an attacker. I don’t even save autofill information in LastPass.
- Local storage. This is a feature introduced with HTML5 and is basically an upgraded cookie that stores more information than its predecessor, including IP address and timestamp. This feature can be restricted in your browser’s security settings.
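
To see how much of this data your own browser is holding, the following added example (not part of the original article) counts the stored rows for four of the categories above in a Chromium-style profile folder, without reading any of the values. The file and table names are assumptions about the Chromium profile layout, and the sample profile it builds is constructed.

```python
import os, shutil, sqlite3, tempfile

# category -> (candidate files relative to the profile folder, table to count).
# Chromium file and table names are assumptions, not taken from the article.
ARTIFACTS = {
    "history": (["History"], "urls"),
    "cookies": (["Network/Cookies", "Cookies"], "cookies"),
    "saved credentials": (["Login Data"], "logins"),
    "autofill": (["Web Data"], "autofill"),
}

def count_rows(db_path, table):
    """Count rows in a private copy, since a running browser locks the file."""
    with tempfile.TemporaryDirectory() as tmp:
        copy = shutil.copy(db_path, os.path.join(tmp, "copy.sqlite"))
        con = sqlite3.connect(copy)
        try:
            return con.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
        except sqlite3.Error:
            return None  # unreadable file or unexpected schema
        finally:
            con.close()

def audit_profile(profile_dir):
    """Return {category: row count}; 0 if no file exists, None if unreadable."""
    report = {}
    for category, (candidates, table) in ARTIFACTS.items():
        paths = [os.path.join(profile_dir, c) for c in candidates]
        found = next((p for p in paths if os.path.isfile(p)), None)
        report[category] = count_rows(found, table) if found else 0
    return report

def build_sample_profile(root):
    """Constructed sample profile holding empty placeholder rows only."""
    rows = {"History": ("urls", 3), "Network/Cookies": ("cookies", 5),
            "Login Data": ("logins", 2)}  # no "Web Data": autofill never used
    for rel, (table, n) in rows.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        con = sqlite3.connect(path)
        con.execute(f'CREATE TABLE "{table}" (id INTEGER PRIMARY KEY)')
        for _ in range(n):
            con.execute(f'INSERT INTO "{table}" DEFAULT VALUES')
        con.commit()
        con.close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(audit_profile(build_sample_profile(root)))
```

A non-zero count under "saved credentials" or "autofill" means the browser is still holding the data the list above recommends keeping out of it.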
The Exabeam article referenced below offers much more detail, if you are looking for that. My recommendation is to spend some time with the security and privacy settings for the browsers you use. There are links below to help you with that project.
- Exabeam report
- Security and browser settings for: