New Browser Attack Allows Tracking Users Online With JavaScript Disabled
2021-03-12 18:53

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled.

In avoiding JavaScript, the side-channel attacks are also architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms, including Intel Core, AMD Ryzen, Samsung Exynos 2100, and Apple M1 CPUs, making it the first known side-channel attack on the iPhone maker's new ARM-based chipsets.

While these leaky side-channels can be effectively plugged by domain isolation techniques, browser vendors have incorporated defenses to offer protection against timing attacks and fingerprinting by reducing the precision of time-measuring functions, aside from adding support for completely disabling JavaScript using add-ons like NoScript.

The latest research released this week aims to bypass such browser-based mitigations by implementing a side-channel attack called "CSS Prime+Probe" constructed solely using HTML and CSS, allowing the attack to work even in hardened browsers like Tor, Chrome Zero, and DeterFox that have JavaScript fully disabled or limit the resolution of the timer API. "A common trend in these approaches is that they are symptomatic and fail to address the root cause of the leakage, namely, the sharing of microarchitectural resources," the researchers outlined.

Although these methods exploit a covert timing channel in the CPU cache, the new attack devised by Ben-Gurion researchers targets a cache-based side-channel in modern web browsers.

"One complicating factor to this concept is the fact that the web browser makes use of additional shared resources beyond the cache, such as the operating system's DNS resolver, the GPU, and the network interface. Cache partitioning seems a promising approach, either using spatial isolation based on cache coloring, or by OS-based temporal isolation."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/ABjGBrLXfHY/new-browser-attack-allows-tracking.html