When a browser hijackers
Chrome OS vulnerabilities were exposed at Black Hat 2011 in Las Vegas by Matt Johnson, team lead at WhiteHat Security (left), and Kyle Osborne, an offensive application security specialist at WhiteHat Security. (Source: Saisiluosen Blatter / CNET)
LAS VEGAS - Google touts Chrome OS as safe from traditional security problems such as malicious software, but it is still vulnerable to completely different types of attack, two researchers from the security company WhiteHat told Black Hat attendees here today.
Chrome OS is unlike any other existing desktop operating system, said Matt Johnson, team lead at WhiteHat Security. "It's more mobile devices and applications, get more from the equipment you will need to install the expansion," he said. "Wrong phone sells for 20 to 30% more than desktop error, because if you have cell phones people have their own lives."
Unlike with Apple, however, there is no review process, which in turn increases the security risk, said Kyle Osborne, an offensive application security specialist at WhiteHat Security.
"We have actually seen the expansion of the Chrome Web Store who called Cookie theft, which has done this, but hey, this is a check mark next to the safety and protection there," Johnson joked.
When the Cr-48 laptops running the browser-based OS demo were released in December 2010, Google approached WhiteHat Security about security risks in the operating system. They soon found a hole in Scratchpad, a note-taking application, which could affect all users of Chrome OS because it is one of the few applications that comes pre-installed.
When you take notes while signed in, your notes are synchronized to your Google account. Many people do not know that in Google Docs a person can share a file or folder with you without your approval. It just automatically appears among your files. This lack of structure significantly increases the risk from such vulnerabilities, Johnson said, because it involves everyone has access to data Google does not have access to break through the wall.
The risk is even worse, Osborne said. "Because he has access to all subdomains on Google.com, which may include your contact or account voice. A loophole you can export the entire list of contacts, CSV," he said, just because you are using Google, to write applications.
WhiteHat Security created this malicious extension to test Chrome OS vulnerabilities.
"This is a zero-click, or at best just a click of the worm," Johnson said. He said that Google quickly fixed the vulnerability once his company notified them, but the broader question of open permissions leaves Chrome OS users vulnerable. With the card, a list of API extensions that allow authors to create a powerful tool also led to serious security risks. Expand the list to access the API is a card, which means that an attacker can easily access the entire browsing session.
"Of course, your extension is forced to take notes on your Google Docs account, bank, or extended should talk to your bank," Johnson said. Osborne said he had found extensions that can access all of the browser APIs, including bookmarks, cookies, history, windows and tabs. "There is no need to inject code to google.com if you have access to the API," he said.
"This is about moving, but also a new feature Android Market can use your Google account and install applications [from the desktop to mobile phone]. Now we can force the download and install any application we want," Osborne said.
When it comes to threats against browser-based applications, Osborne and Johnson are not looking at the usual suspects, such as Microsoft Office or buffer overflow attacks. They are looking at things such as email notifiers, RSS readers and note-taking applications, which need wide-open permissions to run properly. In essence, they said, they are looking for any extension that talks to a database, or any extension that receives input from the user and displays it somewhere.
"Why bother to run native code, the cross-site scripting [attack] to the hacker access to all. Exploits difficult to develop. JavaScript is easy," Johnson said, prompting laughter from the audience.
However, they also had good things to say about the browser as an operating system. Osborne mentioned a recent Google blog post on how to write more secure browser extensions, and Johnson said that some of the features of Chrome OS do make your computer more secure. Among these, the most famous sandbox protection card, so they do not "talk" to each other in almost all the local storage, but also pointed out that the operating system manages its own plug-ins, only the "attack surface" in the client browser vulnerability the virus and eliminate the most modern and malware threats. In addition, he said, Chrome is separate from the rest online store, which means that it is difficult to attack through the store itself.
The permissions problem is complicated, because in essence the end user becomes the firewall. Although the program, application or extension tells you which permissions it wants when you install it, the job of blocking that behavior falls to the user. "Whose problem is with these permissions? And Google? Development?" Johnson asked the crowd.
He added that Google has been responsive and open in talking with his company about these issues. "We hope to see more of the API restrictions for the future," he concluded.