Man in the Browser Attacks
نویسندگان
چکیده
Man-in-the-Browser attacks are a sophisticated new hacking technique associated with Internet crime, especially that which targets customers of Internet banking. The security community has been aware of them as such for time but they have grown in ability and success during that time. These attacks are a specialised version of Man-in-the-Middle attack, and operate by stealing authentication data and altering legitimate user transactions to benefit the attackers. This paper examines what Man-in-the-Browser attacks are capable of and how specific versions of the attack are executed, with reference to their control structure, data interaction techniques, and methods for circumventing security. Finally the authors discuss the effectiveness of counterMan-in-the-Middle strategies, and speculate upon what these attacks tell us about the Internet environment. DOI: 10.4018/jaci.2012010103 30 International Journal of Ambient Computing and Intelligence, 4(1), 29-39, January-March 2012 Copyright © 2012, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. destination. However, the Man could also breach the integrity of the signal before it even leaves the user’s PC, if he subjects the user to a Man in the Browser (MitB) attack. This is a more recent form of attack in which the user’s browser is corrupted in order to act as the tap in the information stream, an attack which “occurs at the system level, between the user and the browser, [rather than via] the protocol layer” (Litan & Allan, 2006). This, structurally speaking, is “a man-in-the-middle attack between the user and the security mechanisms of the browser” (Gühring, 2006). Therefore, in network security terms, “the Middle” is every point along the course an information transaction between the initial input and final output device (i.e., anything that is not a keyboard or a monitor etc). In this sense, the MitB attack is a special case of the MitM attack in which the intrusion occurs at the very nearest end of the middle to the user. 2. MitB IN TERMS OF MitM Let us begin by exploring the places in which MitB differs from MitM. Firstly, MitM intercepts data using an inserted or compromised piece of hardware that is external to the targeted system. MitB on the other hand gains access through the software configuration on that system, generally by way of a Trojan that targets the web browsers on that computer. Secondly, MitM either has to deal with messages that have already been protected by whatever security is associated with the connection (and read/alter them mid-flight in both directions of communication), or has to present a plausible reason for the user to create their connection with the attacker’s own server. MitB does not need to bother with the extra work this entails. In the outward-bound direction, it is the author of all compromised messages sent. In the inward-bound direction, it does still have to deal with a fully formed message, but it does not need to be concerned with modifying the message itself so as to conceal its actions. This is because MitB directly controls the browser, and therefore needs only to modify the browser display to be as the user expects. Together this means that it works outside of any client-side and server-side encryption and validation, and therefore does not have to be concerned with increased latency arising from hashing overheads or to provide dummy keys for public key encryption. This implies another advantage of MitB over MitM, in that MitM is only guaranteed to be able to handle public key encryption (and this only up to a point as discussed in the section “Trust”), whereas MitB is “immune” to all forms of encryption, including symmetric key, by being external to it. Finally, MitM is only truly effective a directed or location-based attack, whereas MitB can be spammed to as many computers as its Trojan is able to infect. If the access point of MitM were somewhere at random in the Internet, it is unlikely for it to be able to extract valuable data or make modifications undetectably. This is because packets can be routed independently, so any data gleaned will probably be fragmentary, and replies to any fraudulent modified messages would not be guaranteed to pass through the same compromised point as the outgoing message, making concealment of modifications almost impossible. To maintain constant contact, the MitM attacker must either be physically close enough to the victim to capture their outgoing data before it has the opportunity to bifurcate, or trick the victim into navigating to the attacker’s own server that will act as a stable mid-point. This compels the attacker to either directly target or in some other way reach out to individuals or groups, and means that this attack does not scale very well. On the other hand, the only such limitations on MitB are around the level of security that is installed on the systems it attacks or is practiced by the people who use them, and it scales very well. Where MitM is limited to a chosen few targets at a time (most effectively spread by mass spam emails with links to compromised sites), individual MitB Trojans are known to have compromised between hundreds and hundreds of thousands of users’ security concurrently (Finjan, 2009; 9 more pages are available in the full version of this document, which may be purchased using the "Add to Cart" button on the product's webpage: www.igi-global.com/article/man-browserattacks/64189?camid=4v1 This title is available in InfoSci-Journals, InfoSci-Journal Disciplines Computer Science, Security, and Information Technology. Recommend this product to your librarian: www.igi-global.com/e-resources/libraryrecommendation/?id=2
منابع مشابه
Web Browser Security: Different Attacks Detection and Prevention Techniques
In this paper, we present a systematic study of how to make a browser secure. Web browser is vulnerable to different attacks; these attacks are performed due to vulnerabilities in the UI of the web page, Browser cache memory, extensions, plug-in. The Attacker can run malicious JavaScript to exploit user system by using these vulnerabilities. Buffer overflow attack, Cross-site-scripting, Man-in-...
متن کاملMan-in-the-browser-cache: Persisting HTTPS attacks via browser cache poisoning
In this paper, we present a systematic study of browser cache poisoning (BCP) attacks, wherein a network attacker performs a one-time Man-In-The-Middle (MITM) attack on a user’s HTTPS session, and substitutes cached resources with malicious ones. We investigate the feasibility of such attacks on five mainstream desktop browsers and 16 popular mobile browsers. We find that browsers are highly in...
متن کاملMitigating Man - In - The - Browser Attacks with Hardware - based Authentication Scheme
Lack of security awareness amongst end users when dealing with online banking and electronic commerce leave many client side application vulnerabilities open. Thus, this is enables attackers to exploit the vulnerabilities and launch client-side attacks such as man-in-the-browser attack. The attack is designed to manipulate sensitive information via client’s application such as internet browser ...
متن کاملCloak and Dagger: Man-In-The-Middle and Other Insidious Attacks
Information has always been very valuable. Computers are entrusted to maintain and process massive amounts of information. This makes them valuable targets to attackers. One of the most devastating forms of attack is when an attacker gains access to the information without the victim even being aware of it. This paper explores some of the means by which this surreptitious access to information ...
متن کاملA Survey on Security Solutions of Top e-Banking Providers from an Eastern European Market
We analyse the security of e-banking services from top e-banking providers on the Romanian market. This location is relevant from at least two reasons: it’s a dynamic and diverse market situated at the crossroads between central and eastern Europe and half of the providers come from foreign markets (CitiBank, ING, Raiffeisen, etc.) or are acquired by Western European providers (Societe Generale...
متن کاملPoster: Man-in-the-Browser-Cache: Persisting HTTPS Attacks via Browser Cache Poisoning
When browsing the web using HTTPS, if a user Alice ignores, or clicks through, the browser’s SSL warnings of an invalid SSL certificate, she exposes her browser sessions to a Man-in-the-middle (MITM) attack, allowing attackers to intercept communication in the SSL channel. Recent work has measured the click-through rates for SSL warnings, indicating that more than 50% users click through SSL wa...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IJACI
دوره 4 شماره
صفحات -
تاریخ انتشار 2012