03/12/2021

XS-Leaks: Fourteen new types of attacks on web browsers detected - 226 vulnerabilities found in nine popular WiFi routers

Security experts have identified 14 new types of attacks on web browsers that are known as cross-site leaks, or XS-Leaks. Using XS-Leaks, a malicious website can grab personal data from visitors by interacting with other websites in the background. The researchers from Ruhr-Universität Bochum (RUB) and Niederrhein University of Applied Sciences tested how well 56 combinations of browsers and operating systems are protected against 34 different XS-Leaks. To this end, they developed the website XSinator.com, which allowed them to automatically scan browsers for these leaks. Popular browsers such as Chrome and Firefox, for example, were vulnerable to a large number of XS-Leaks. "XS-Leaks are often browser bugs that have to be fixed by the manufacturer," says one of the authors of the paper.

XS-Leaks bypass the so-called same-origin policy, one of a browser's main defenses against various types of attacks. The purpose of the same-origin policy is to prevent information from being stolen from a trusted website. In the case of XS-Leaks, attackers can nevertheless recognize individual details of a website. If these details are tied to personal data, those data can be leaked. For example, emails in a webmail inbox could be read from a malicious site, because the search function would respond in a different way depending on whether there were results for a search term or not. In order to systematically analyze XS-Leaks, the group first identified three characteristics of such attacks. Based on these, they then derived a formal model that aids in understanding XS-Leaks and helps in detecting new attacks. As a result, the researchers identified 14 new attack categories. The researchers published their findings online and at the ACM Conference on Computer and Communications Security, which was held as a virtual event in mid-November 2021.

https://techxplore.com/news/2021-12-fourteen-web-browsers.html
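
A server-side mitigation for the search-oracle case described above, as an added example that is not from the original article or the researchers' paper: it uses the browser-sent `Sec-Fetch-Site` request header (Fetch Metadata) to give every cross-site request the same response. The inbox contents, the 200/404 behaviour and all function names are constructed assumptions.

```javascript
// Added example. Mailbox, route behaviour and names are constructed for
// illustration; they are not taken from the article or the paper.
const INBOX = ['Invoice from ACME', 'Your flight to Lisbon'];

// Search handler whose response differs with the result: this is the
// detectable difference an XS-Leak relies on (200 with hits, 404 without).
function search(term) {
  const needle = term.toLowerCase();
  const hits = INBOX.filter((subject) => subject.toLowerCase().includes(needle));
  return hits.length ? { status: 200, body: hits } : { status: 404, body: [] };
}

// Fetch Metadata check: true when the browser reports that the request was
// started by our own site or directly by the user (typed URL, bookmark).
function isTrustedInitiator(headers) {
  const site = headers['sec-fetch-site'];
  // Browsers without Fetch Metadata send no header. This policy lets them
  // through, so other defenses (e.g. SameSite cookies) must cover them.
  if (site === undefined) return true;
  return site === 'same-origin' || site === 'same-site' || site === 'none';
}

// Wrap the handler so every cross-site request gets one uniform answer,
// whether or not the search term matches anything in the mailbox.
function handleSearch(req) {
  if (!isTrustedInitiator(req.headers)) {
    return { status: 403, body: [] };
  }
  return search(req.query);
}

// Constructed requests: the same two search terms, sent from another site
// and from the webmail application itself.
const crossSite = { 'sec-fetch-site': 'cross-site' };
const sameOrigin = { 'sec-fetch-site': 'same-origin' };
for (const query of ['invoice', 'zzz']) {
  console.log(query,
    'cross-site:', handleSearch({ headers: crossSite, query }).status,
    'same-origin:', handleSearch({ headers: sameOrigin, query }).status);
}
```
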

The WiFi routers examined by the researchers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology and Linksys and are used by millions of people. The routers with the most vulnerabilities are the TP-Link Archer AX6000 with 32 flaws and the Synology RT-2600ac with 30 security flaws. The analysis was carried out by researchers at IoT Inspector in collaboration with CHIP magazine. The researchers focused on models used mainly by small businesses and home users. It is worth noting that the WiFi routers were running the latest firmware version. All manufacturers of the vulnerable WiFi routers responded to the researchers' findings and released firmware updates to fix the vulnerabilities (although not all of them have been fixed).

READ MORE: https://www.secnews.gr/375654/ereunites-brikan-226-eupatheies-se-dimofili-wifi-routers/
