Chrome and Safari: hackers’ newest tools

2017January27_Security_BFilling out web forms often seems like an unbearably monotonous obstacle that gets in the way of online shopping, booking a plane ticket, and doing other types of online registration. With many of today’s transactions done online, people have become accustomed to relying on their browsers’ autofill function to save time. But being able to save time from manually filling in your information comes at a price, especially if you’re using Google Chrome, Safari and Apple’s mobile-only Opera.

How do they do it?

By concealing other fields in a sign-up form, users are tricked into thinking they only have to fill out a few fields. The trickery at work is that upon auto-sign up, other fields, which could include your billing address, phone number, credit card number, cvv (the 3-digit code used to validate credit card transactions), and other sensitive information, are auto-filled with the user none the wiser.

This sinister trick is nothing new, but since there hasn’t been any countermeasure since it was first discovered, the threat it poses is worth emphasizing. Finnish whitehat hacker Viljami Kuosmanen recently brought to light how users of Chrome and Safari are particularly vulnerable, and he even came up with a demonstration of how this phishing technique is perpetrated. The technique is so sneaky, it’s enough to make one give up online shopping forever.

Using plugins and programs such as password managers is also fraught with the security risk, as having access to such a utility empowers cyberthieves to do more than just obtain your credit card info; it opens them up to a great amount of personal details.

Preventing an autofill-related theft

So what can you do to avoid falling prey?

Using Mozilla Firefox is one of the easiest available solutions. As of today, Mozilla hasn’t devised a mechanism that affords its users the same convenience that Chrome and Safari users enjoy with autofill. When filling web forms on Firefox, users still have to manually pre-fill each data field due to a lack of a multi-box autofill functionality – a blessing in disguise, given the potential for victimization in autofill-enabled browsers.

Another quick fix is disabling the autofill feature on your Chrome, Safari and Opera (for Apple mobile devices) browsers. This would mean that when filling out web forms, you’d have to manually type responses for every field again, but at least you’d be more secure.

It’s not exactly the most sophisticated form of online data and identity theft, but complacency can result in being victimized by cyber swindlers. Take the first step in ensuring your systems’ safety by getting in touch with our security experts today.

This entry was posted in General Articles B, Security and tagged , , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.
  • Internet Presence Management for Small Business Owners

    pronto logoFull-service, pay-as-you-go all inclusive websites, from design and content to SEO and social media management for one low monthly price.

    Learn more about our small business online marketing services.