When signing in to a website like Facebook or Twitter, Google Chrome frequently displays a pop-up asking the user to save their password. We describe the mechanism used to store and protect passwords and indicate whether it is safe to select “Save”.
Is it safe to save your passwords in Google Chrome?
Google Chrome’s storage mechanism presents a security risk only if the computer has been previously compromised or exposed, although the use of a database called SQLite3 adds an additional attack vector that could be exploited by cybercriminals, according to ESET, a cyber security firm.
The only known risk associated with this mechanism is theft of stored credentials. Therefore, it is recommended not to use this storage mechanism and, if you do, not to keep passwords for essential services that contain personal information, such as:
- online banking
- social media
- medical websites
What happens when you allow Chrome to “store” your passwords?
By clicking “accept” when Google Chrome asks “Do you want to save the password?”, the user consents to the saving of the username and password submitted in the login form of a website. This information is stored in a SQLite3 database located at the following path:
- %LocalAppData%\Google\Chrome\User Data\Default\Login Data
The tables in this database contain a variety of fields, with the “logins” table containing the most sensitive data, including the “username_value” and “password_value” fields. These fields are meaningless without the “origin_url” field, which tells Google Chrome which website the credentials correspond to.
The other fields contribute to a lesser extent to the correct functioning of the mechanism. Due to fundamental security concerns, passwords are not stored in plain text. On Windows systems, the browser employs an encryption feature provided by the operating system, CryptProtectData (Crypt32.dll), according to ESET.
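The following audit is an added example, not code from ESET or from the original article. It reads only the “origin_url” and “username_value” fields and the length of “password_value” from the “logins” table, and reports saved logins for the banking, social media and medical sites the article advises against storing. The keyword map, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from urllib.parse import urlparse

# Assumed keyword map for the three categories the article lists; adjust locally.
SENSITIVE = {
    "banking": ("bank",),
    "social media": ("facebook", "twitter"),
    "medical": ("clinic", "health"),
}

def classify(host):
    """Return the sensitive category for a hostname, or None."""
    for category, words in SENSITIVE.items():
        if any(w in host for w in words):
            return category
    return None

def audit_logins(conn):
    """List saved logins on sensitive sites as (host, username, category).

    Only origin_url, username_value and the BLOB length are read;
    password_value itself is never fetched or decrypted.
    """
    findings = []
    query = ("SELECT origin_url, username_value, length(password_value) "
             "FROM logins ORDER BY origin_url")
    for url, user, blob_len in conn.execute(query):
        host = (urlparse(url).hostname or "").lower()
        category = classify(host)
        if category and blob_len:  # skip rows with no stored secret
            findings.append((host, user, category))
    return findings

def build_sample_db():
    """Constructed stand-in for a copy of 'Login Data' (same three columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (origin_url TEXT, "
                 "username_value TEXT, password_value BLOB)")
    conn.executemany("INSERT INTO logins VALUES (?, ?, ?)", [
        ("https://www.facebook.com/login", "alice@example.test", b"\x01\x02\x03"),
        ("https://online.examplebank.test/", "alice", b"\x04\x05"),
        ("https://forum.example.test/", "alice", b"\x06"),
        ("https://portal.exampleclinic.test/", "alice", b""),
    ])
    return conn

if __name__ == "__main__":
    # Real use: close Chrome, copy 'Login Data', then open the copy read-only
    # with sqlite3.connect("file:<path to copy>?mode=ro", uri=True).
    for host, user, category in audit_logins(build_sample_db()):
        print(f"{category:12} {host:32} {user}")
```

Entries it reports are candidates for removal from Chrome's saved passwords.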
Is there a real danger with this mechanism in Google Chrome?
Google Chrome’s “Save Password” feature is designed so that encrypted data can only be decrypted by the same user who was logged in at the time the password was encrypted. Additionally, it can be configured to only decrypt data on the same computer that it was encrypted on.
The tech giant does not use a password set by the user, but rather the user’s operating system credentials. Therefore, a cybercriminal would be forced to decrypt them while logged in as the same user who created them, and then transmit them.
If an attacker gains access to the computer, they could easily obtain the stored passwords and recover them in plaintext if this mechanism is used to store them.
This type of behavior has been observed in various malware, including Latin American-specific banking Trojans designed to capture login credentials for online banking sites.
How do attacks with your passwords work?
In these attacks, the cybercriminal can obtain both the structure and the content of the tables. For example, they could try to log in to Facebook with fake credentials and then select the option for Google Chrome to store the credentials.
Once the username and password have been saved to the browser’s database, the user can locate the file containing this information and access it with a database viewer program, such as DB Browser for SQLite.
From there, they can locate entries in the “logins” table that contain login information, such as:
- url
- Username
- Encrypted password.
The stored password is encrypted in a BLOB (Binary Large Objects, such as images or audio files) structure, and the program displays its hexadecimal representation when the user clicks on that field.
The perpetrator now has the username, website, and encrypted password, and only needs to decrypt the password. Since the active user is likely the same one that previously saved the password, an attacker with access to the computer in question can easily decrypt it using CryptUnprotectData instead of DB Browser.
Anyone with physical or remote access to the computer can perform these actions, so it’s important to use a strong and unique password for each account, enable two-factor authentication, be careful when allowing Google Chrome to save passwords, and keep your computer secure and up to date, according to ESET.
Source: vtt.edu.vn