Browser synchronization abuse: Bookmarks as a covert data exfiltration channel
2022-08-02 04:47

Two universal and seemingly innocuous browser features - the ability to create bookmarks and browser synchronization - make users' lives easier, but may also allow hackers to establish a covert data exfiltration channel.

Some attackers have also recently managed to exploit Chrome's syncing feature and use an extension to connect their computer directly to a targeted workstation, creating a covert channel for remote data manipulation, but also for data exfiltration and C&C communication.

The data can then be reconstructed from those bookmarks when they have been synced to a remote system.

Smuggling data out of enterprise systems via bookmark syncing could be performed by using existing browser profiles/accounts or by attackers creating and logging in with their own account.

"But using bookmarks and sync for exfiltration alone would miss the point; browser sync provides a two-way channel for data," Prefer noted.

Finally, browser developers could also make changes that would prevent outside tampering with bookmarks or set more restrictive limits for the synchronization option.
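A defender-side check for the bookmark channel described above, as an added example that is not from the original article or the researcher: it walks the JSON layout of a Chrome profile's `Bookmarks` file and flags entries whose name or URL looks like encoded data. The thresholds, function names and sample data are assumptions made for illustration.

```python
import json
import math
import re
from collections import Counter

# Thresholds are assumptions for illustration; tune them against a fleet baseline.
MAX_NAME_LEN = 256
MIN_ENTROPY = 4.5        # bits per character
MIN_ENTROPY_LEN = 64     # entropy is too noisy on short strings
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=_-]{80,}")  # long URL slugs can match: triage lead only

def shannon_entropy(text):
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def walk(node, path=""):
    """Yield (folder_path, bookmark) for every URL node under a bookmark tree."""
    if node.get("type") == "url":
        yield path, node
    for child in node.get("children", []):
        yield from walk(child, f"{path}/{node.get('name', '')}")

def audit(bookmarks):
    """Return (folder_path, name_prefix, reasons) for bookmarks that look like data carriers."""
    findings = []
    for root in bookmarks.get("roots", {}).values():
        if not isinstance(root, dict):   # skip non-folder metadata stored under "roots"
            continue
        for path, bm in walk(root):
            reasons = []
            for field in ("name", "url"):
                value = bm.get(field, "")
                if field == "name" and len(value) > MAX_NAME_LEN:
                    reasons.append("long name")
                if ENCODED_RUN.search(value):
                    reasons.append(f"encoded run in {field}")
                elif len(value) >= MIN_ENTROPY_LEN and shannon_entropy(value) >= MIN_ENTROPY:
                    reasons.append(f"high entropy {field}")
            if reasons:
                findings.append((path, bm.get("name", "")[:40], reasons))
    return findings

# Constructed sample in the layout of Chrome's profile "Bookmarks" JSON file.
SAMPLE = json.loads("""{"roots": {"bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
  {"type": "url", "name": "Intranet wiki", "url": "https://wiki.example.internal/start"},
  {"type": "folder", "name": "misc", "children": [{"type": "url", "name": "%s", "url": "https://example.com/1"}]}]}}}""" % ("QUJDREVGR0hJSktMTU5PUA==" * 20))

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real endpoint, pass `audit()` the parsed contents of the profile's `Bookmarks` file and compare the findings against what is normal for that user population before alerting.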


News URL

https://www.helpnetsecurity.com/2022/08/02/data-exfiltration-via-bookmarks/