Hacking Your Browser for Personal Information

Did you know that web browsers such as Chrome, Edge, Firefox, Safari, and Internet Explorer save a lot of personal information that a cyber-attacker could use as research to build a web dossier about you, your likes, and your habits? A personal dossier that could be used for a deeper attack?

Did you know that web browsers store parts of web pages on your hard drive, in the browser cache, also known in Windows as Temporary Internet Files? This cache contains images, JavaScript code elements, HTML files, and other web elements. The purpose is to speed up web browsing when you revisit a site you’ve been to before. The web page can be reloaded from the local cache on your hard drive a lot quicker than downloading the page again over the Internet connection.

Other information stored by your browser can include the public IP address assigned to your Internet router, your first and last name, street address, city, state and zip code, business, home and cell phone numbers, and email addresses.

Anyone with physical access to your computer has access to this information. However, a remote attacker could gain access through the use of a remote access Trojan horse program. This works similarly to legitimate remote control applications such as TeamViewer. This type of exploit is usually delivered via an infected email attachment. It could also be downloaded and installed silently from an infected web page.

There are legitimate tools such as the free NirSoft tool WebBrowserPassView that dump saved passwords from Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera. While designed to help users recover their own passwords, it can be used by an attacker. Other types of malware can be used to recover this information, including the Cerber, Kriptovor, and CryptXXX ransomware families.

What sort of information does your browser save?

  • Recently visited web sites. Also called browser history, this information includes the web address or URL, pages you visited, and the day and time. An attacker would be able to see the sites you visit frequently, such as online banking, shopping, or social media sites. Clearing the browser cache is a good way to limit access to this information. Browsing using “incognito mode” can also reduce the amount of information that is stored.
  • Cookies.  These small pieces of information are often used to personalize your browser experience.  This includes the public IP address that is assigned to your Internet router, and location information such as city, state and zip code.  When the website recognizes you or greets you by name, a cookie did that.  Cookies are also used for authentication whenever you check the “Remember Me” or “Keep Me Logged In” boxes on login pages.  Cookies are often used by advertisers to set ads based on your previous search history or web site views.  For example, I recently looked for box racks for my truck, and now every site I go to shows an ad for truck racks.  You can go into the settings for your browser and disable cookies, but some sites won’t work without them.  Incognito mode helps here too, as does deleting stored cookies.
  • Saved credentials. Yikes! Do you let your browser save your passwords? The cache of saved user IDs and passwords is a major find for an attacker. Someone who has physical or remote access can use these stored credentials to log into every account you saved. Never allow the browser to store your passwords; use a password manager such as LastPass instead.
  • Autofill information. This is the information that your browser automatically adds to any web forms that you encounter on a web page. This can include first and last name, street address, city, state and zip code. Included in this trove are business, home and cell phone numbers, and email addresses. Turn off this feature. While it may be a time saver, it can provide a lot of personal information to an attacker. I don’t even save autofill information in LastPass.
  • Local storage. This is a feature introduced with HTML5 and is basically an upgraded cookie that stores more information than its predecessor, including IP address and timestamp. This feature can be restricted in your browser’s security settings.

The Exabeam article referenced below offers much more detail, if you are looking for that.  My recommendation is to spend some time with the security and privacy settings for the browsers you use.  There are links below to help you with that project.
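To check that clearing data and turning off these features actually emptied the stores described above, you can count what a browser profile still holds. The script below is an added example, not from the original post: it assumes a Chromium-style profile where history, cookies, saved logins and autofill live in SQLite files named `History`, `Cookies`, `Login Data` and `Web Data` (names and locations vary by browser and version), and it runs against a constructed sample profile rather than a real one.

```python
import os
import shutil
import sqlite3
import tempfile

# Assumed Chromium-style layout: category -> (file name, table name).
# Other browsers and versions use different names and locations.
STORES = {
    "history": ("History", "urls"),
    "cookies": ("Cookies", "cookies"),
    "saved credentials": ("Login Data", "logins"),
    "autofill": ("Web Data", "autofill"),
}

def count_rows(db_path, table):
    """Count rows in a copy of the file; a running browser locks the original."""
    with tempfile.TemporaryDirectory() as tmp:
        con = sqlite3.connect(shutil.copy(db_path, tmp))
        try:
            return con.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
        except sqlite3.Error:
            return None  # not a SQLite file, or the table is missing
        finally:
            con.close()

def audit_profile(profile_dir):
    """Return {category: stored item count}; 0 when the store file is absent."""
    report = {}
    for label, (fname, table) in STORES.items():
        path = os.path.join(profile_dir, fname)
        report[label] = count_rows(path, table) if os.path.isfile(path) else 0
    return report

def build_sample_profile(root):
    """Constructed sample data: three of the four stores, with placeholder rows."""
    rows = {"History": ("urls", 3), "Login Data": ("logins", 2), "Web Data": ("autofill", 4)}
    for fname, (table, n) in rows.items():
        con = sqlite3.connect(os.path.join(root, fname))
        con.execute(f'CREATE TABLE "{table}" (id INTEGER PRIMARY KEY, value TEXT)')
        con.executemany(f'INSERT INTO "{table}" (value) VALUES (?)', [("sample",)] * n)
        con.commit()
        con.close()
    return root

def demo():
    with tempfile.TemporaryDirectory() as root:
        return audit_profile(build_sample_profile(root))

if __name__ == "__main__":
    for label, n in demo().items():
        print(f"{label}: {n} stored items")
```

A non-zero count for saved credentials or autofill after you have switched those features off means old entries are still on disk and need to be deleted from the browser's settings.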

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com