Hacking Your Browser for Personal Information

Did you know that web browsers such as Chrome, Edge, Firefox, Safari, and Internet Explorer save a lot of personal information that a cyber-attacker could use as research to build a web dossier about you, your likes, and your habits?  A personal dossier that could be used for a deeper attack?

Did you know that web browsers store parts of web pages on your hard drive, in the browser cache, also known in Windows as Temporary Internet Files?  This cache contains images, JavaScript code elements, HTML files, and other web elements.  The purpose is to speed up web browsing when you revisit a site you’ve been to before.  The web page can be reloaded from the local cache on your hard drive a lot quicker than downloading the page again over the Internet connection.

Other information stored by your browser can include the public IP address assigned to your Internet router, your first and last name, street address, city, state and zip code, business, home and cell phone numbers, and email addresses.

Anyone with physical access to your computer has access to this information.  However, a remote attacker could gain access through the use of a remote access Trojan horse program.  This works similarly to legitimate remote control applications such as TeamViewer.  This type of exploit is usually delivered via an infected email attachment.  It could also be downloaded and installed silently from an infected web page.

There are legitimate tools such as the free NirSoft tool WebBrowserPassView that dumps saved passwords from Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera. While designed to help users recover their own passwords, it can be used by an attacker.  Other types of malware can be used to recover this information, including the Cerber, Kriptovor, and CryptXXX ransomware families.

What sort of information does your browser save?

  • Recently visited web sites.  Also called browser history, this information includes the web address or URL, pages you visited, and the day and time.  An attacker would be able to see the sites you visit frequently, such as online banking, shopping, or social media sites.  Clearing the browser cache is a good way to limit access to this information.  Browsing using “incognito mode” can also reduce the amount of information that is stored.
  • Cookies.  These small pieces of information are often used to personalize your browser experience.  This includes the public IP address that is assigned to your Internet router, and location information such as city, state and zip code.  When the website recognizes you or greets you by name, a cookie did that.  Cookies are also used for authentication whenever you check the “Remember Me” or “Keep Me Logged In” boxes on login pages.  Cookies are often used by advertisers to set ads based on your previous search history or web site views.  For example, I recently looked for box racks for my truck, and now every site I go to shows an ad for truck racks.  You can go into the settings for your browser and disable cookies, but some sites won’t work without them.  Incognito mode helps here too, as does deleting stored cookies.
  • Saved credentials.  Yikes!  Do you let your browser save your passwords?  The cache of saved user IDs and passwords is a major find for an attacker.  Someone who has physical or remote access can use these stored credentials to log into every account you saved.  Never allow the browser to store your passwords; use a password manager such as LastPass instead.
  • Autofill information.  This is the information that your browser automatically adds to any web forms that you encounter on a web page.  This can include first and last name, street address, city, state and zip code. Included in this trove are business, home and cell phone numbers, and email addresses.  Turn off this feature.  While it may be a time saver, it can provide a lot of personal information to an attacker.  I don’t even save autofill information in LastPass.
  • Local storage.  This is a feature introduced with HTML5 and is basically an upgraded cookie that stores more information than its predecessor, including IP address and timestamp.  This feature can be restricted in your browser’s security settings.
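
To check how much of the above is stored in one of your own browser profiles, for example after clearing data or turning off password saving and autofill, the following added example (not from the original article) counts the stored entries per category without reading their contents. The profile directory is passed on the command line; the file and table names are the ones Chromium-based browsers and Firefox use, and counts can lag slightly while the browser is running.

```python
import json, shutil, sqlite3, sys, tempfile
from pathlib import Path

# (category, file inside the profile directory, table to count).
# File and table names as used by Chromium-based browsers and by Firefox.
STORES = [
    ("history", "History", "urls"),
    ("cookies", "Network/Cookies", "cookies"),
    ("cookies", "Cookies", "cookies"),            # older Chromium layout
    ("saved credentials", "Login Data", "logins"),
    ("autofill", "Web Data", "autofill"),
    ("history", "places.sqlite", "moz_places"),   # visited and bookmarked URLs
    ("cookies", "cookies.sqlite", "moz_cookies"),
    ("autofill", "formhistory.sqlite", "moz_formhistory"),
]

def count_rows(db_path, table):
    """Row count of `table`, or None if the file is not a readable database."""
    with tempfile.TemporaryDirectory() as tmp:
        copy = Path(tmp) / "copy.sqlite"
        shutil.copy2(db_path, copy)   # a running browser locks the original
        con = sqlite3.connect(copy)
        try:
            return con.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
        except sqlite3.Error:
            return None
        finally:
            con.close()

def audit_profile(profile_dir):
    """Return {category: stored entries}; only counts, never the contents."""
    profile, report = Path(profile_dir), {}
    for category, rel, table in STORES:
        if (profile / rel).is_file():
            n = count_rows(profile / rel, table)
            if n is not None:
                report[category] = report.get(category, 0) + n
    firefox_logins = profile / "logins.json"   # Firefox keeps saved logins in JSON
    if firefox_logins.is_file():
        try:
            n = len(json.loads(firefox_logins.read_text(encoding="utf-8"))["logins"])
            report["saved credentials"] = report.get("saved credentials", 0) + n
        except (ValueError, KeyError, TypeError):
            pass
    return report

if __name__ == "__main__" and len(sys.argv) == 2:
    for category, n in sorted(audit_profile(sys.argv[1]).items()):
        print(f"{category:18} {n} entries")
```

A category that is missing from the output, or shows 0, means nothing of that kind is stored in that profile.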

The Exabeam article referenced below offers much more detail, if you are looking for that.  My recommendation is to spend some time with the security and privacy settings for the browsers you use.  There are links below to help you with that project.

More information:

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
