On Saturday 4th February 2012, BBC’s Click programme ran a story about crackers outwitting “online banking identity security systems”; a written version of the article can be found here.
The browser-in-the-middle attack works somewhat like a phishing scam: malicious code running inside your browser tricks you into providing personal information, which it harvests and sends to a cracker or other criminal. The malicious code could also perform a transaction without your knowledge, stealing money from your bank account while covering its tracks.
Browser-in-the-middle attacks are usually carried out by a small piece of malware which may be downloaded unknowingly from a poisoned website. Not all virus checkers detect and quarantine this new form of malicious code, so browser-in-the-middle malware can sit in the browser’s cache or elsewhere on your hard disk, waiting to be activated when you log on to your on-line banking provider.
For example, you may be asked to re-enter your security information on what appears to be the bank’s official website. When you visit your on-line bank, the malicious code is executed and renders additional web page content on the fly; the page still looks genuine to you, while the code harvests your personal information or steals money from your bank account.
While this may seem an alarming piece of news, there are certain things you can do to reduce the risk of your data being harvested by this sort of attack. So how can you reduce the risk of a “browser-in-the-middle” attack?
If you suspect that something odd is going on with your web browser, a first step is to clear the cache completely and delete all cookies; they will re-populate. Close the web browser and re-open it after running these actions. Carry them out in every installed web browser on your OS (Operating System) that you think is behaving oddly, and possibly in all of them regardless of odd behaviour.
The next action to take is to update the virus definitions for your virus checker and run a full scan of your computer. If you do not have a virus checker installed, you should install one. There are many different flavours of virus checker available, including a free one from Microsoft for Windows. If you run a UNIX/Linux-based OS, including OS X, there are also virus checkers available for these platforms.
If you think your web browser has been compromised, there are additional actions you can take.
If you use Safari on Mac OS X, there is also an option to run “Reset Safari” [Safari ➜ Reset Safari…]. This wipes every setting and puts Safari back to the state it was in when newly installed. If you use Safari on Windows, you can uninstall it, reboot and reinstall a clean, fresh copy of Safari.
If you have Firefox installed, in addition to deleting the browser’s cache and clearing all cookies, you should uninstall Firefox, reboot your computer and re-install a clean, fresh copy. If you do not have a Firefox installer to hand (an .exe for Windows, a .dmg for Mac OS X, or a package from your distribution’s software repositories or from the browser’s site for other UNIX and Linux distributions), you can download one from http://www.mozilla.org/.
If you have Google Chrome installed, select “Clear Browsing Data” from the menu [Chrome ➜ Clear Browsing Data…] and close the browser. If Chrome is still behaving erratically when you re-open it, close Chrome, uninstall it, reboot your computer and reinstall from a fresh copy. You can download a clean copy of Google Chrome from https://www.google.com/chrome/.
You may also want to make the following temporary change to Google Chrome. Within Google Chrome’s Preference settings, click on “Under the Hood”. Under “Privacy”, click “Content Settings…”. You will find a function called “Handlers”, which you may want to turn off temporarily.
There is also another feature that can be enabled to discard downloaded cache data and cookies at the end of a browsing session: private browsing. If you are going to look at unfamiliar sites, you can turn on “Private Browsing” in Firefox and Safari; “Incognito” in Chrome performs a similar function. This way, downloaded data should not be stored once you finish the private browsing session or close the web browser. If in doubt, you can still clear out all downloaded data, cache and cookies.
To enhance your on-line browsing security and reduce the risk of your data being hijacked, I would recommend installing 2 or 3 web browsers. One browser should be used only for trusted sites that you shop with on-line or use for on-line banking. The other web browser(s) can be used for all other web surfing.
On-line banking should be carried out over a secure (“https://”) connection using a PINSentry (Barclays) or SecureKey (HSBC) encryption device provided by your bank. Note: always ensure that a “padlock” is visible in the web browser and that the site’s URL (Uniform Resource Locator, the web address displayed in the address bar) starts with “https://” when purchasing items on-line at the check-out stage or when logging on for on-line banking; https means that information is sent encrypted.
I would also recommend that the browser you use for on-line shopping, transactions and banking is not your “default” web browser, in case you click on a link (such as one within an email) that takes you to a fake website. Note: be wary of emails purporting to be from your bank. A bank should never ask you for your identification or personal information through an email, nor link to its website from an email. Your bank will expect you to type its website address into your browser’s address bar or to use your own bookmark to its main site.
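The two checks above, an https:// connection and the bank’s own address rather than a look-alike, can be written down as a small rule set. The following Node.js script is an added example and not part of the original article; the bank host bank.example.com and the sample links are constructed for illustration.

```javascript
// Added example: apply the article's two rules (https only, and the bank's
// real address, not a look-alike) to a link before it is followed.
// The expected host "bank.example.com" and all sample links are constructed.

// Returns { ok, reason } so the caller can explain why a link was refused.
function checkBankLink(href, expectedHost) {
  let url;
  try {
    url = new URL(href); // WHATWG parser: lowercases the host, separates user@ from host
  } catch (e) {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not an https:// connection" };
  }
  if (url.username || url.password) {
    // "https://bank.example.com@evil.example/" really goes to evil.example
    return { ok: false, reason: "credentials embedded before the host (user@host trick)" };
  }
  if (url.port !== "") {
    return { ok: false, reason: "non-standard port" };
  }
  const host = url.hostname;
  const expected = expectedHost.toLowerCase();
  // Exact match or a genuine subdomain. "bank.example.com.evil.example" fails
  // because the expected name must be a suffix of the hostname, not a prefix.
  if (host !== expected && !host.endsWith("." + expected)) {
    return { ok: false, reason: `host "${host}" is not ${expected}` };
  }
  // Punycode (xn--) look-alike hosts can never equal an ASCII expected host,
  // so homograph addresses are already rejected by the comparison above.
  return { ok: true, reason: "ok" };
}

// Constructed sample links of the kind that might arrive in an email.
const SAMPLE_LINKS = [
  "https://bank.example.com/login",
  "https://online.bank.example.com/",
  "http://bank.example.com/login",
  "https://bank.example.com.evil.example/login",
  "https://bank.example.com@evil.example/",
  "https://bank.example.com:8443/",
  "bank.example.com/login",
];

// Run every sample link through the check and keep the verdict beside it.
function triageLinks(links, expectedHost) {
  return links.map((href) => ({ href, ...checkBankLink(href, expectedHost) }));
}
```

Only the first two sample links pass; the rest are rejected with a reason that says which rule they broke.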
Your default browser can be any installed web browser; it does not have to be the browser supplied with the operating system (OS), e.g. Internet Explorer or Safari, whether the OS is Windows, OS X, Linux Ubuntu, PC-BSD, etc. Also be aware of the extensions you install into your web browser and of which functions and features you have enabled.
If you use a Windows computer, I would avoid using Internet Explorer, as it is integrated with the Windows file manager; on Apple OS X, Safari is not integrated with the Finder (file manager). On Linux/UNIX OSes the default web browser and file manager applications are generally not integrated.
Addendum on virus checkers: While no virus checker is 100% effective, I would recommend installing one on your computer, especially if you run Windows. While you are less likely to be infected by a virus on a UNIX/Linux OS, the threat is not non-existent, and you could unknowingly forward Windows viruses to others. In addition to installing a virus checker, I would also check weekly for security patches and software updates for your OS, as these often plug newly discovered security flaws in the OS software.
Addendum on on-line banking: If you do use on-line banking, ask your bank to provide additional security systems such as PINSentry, SecureKey or something similar. Using a different browser for on-line transactions from the one used for all other on-line activity, ensuring transactions are carried out over an encrypted “https://” connection, and clearing out the cache and cookies and resetting or reinstalling a clean copy of the web browser where necessary should all help to keep you safer on-line.
And in the immortal words of the talking book from The Hitchhiker’s Guide to the Galaxy: Don’t panic! Taking these measures should help to reduce your risk from browser-in-the-middle attacks.
For additional information on computer security, please also see the article “A brief security guide to protecting your login identity”.