A new vulnerability called Data Spy has managed to spy on millions of users by penetrating eight extensions into Internet browsers. Learn about these extensions and remove them immediately.
Extensions to be removed
The discovered vulnerability affects a number of Chrome and Firefox browser extensions and all Chrome-based browsers such as Opera and Yandex, and runs on all operating systems. If you run a Windows operating system, macOS , Chrome, or even a Linux distribution like Ubuntu and have one of the following extensions installed in your browser, your information is at risk.
Firefox add-ons that have the following issues include:
- net Helper
- FairShare Unlock
The following plugins can also steal your private information in Chrome browser:
- FairShare Unlock
- Hover Zoom
- Branded Surveys
- Community Surveys Panel
Of these extensions, two are SpeakIt! And FairShare Unlock has over one million users worldwide. Therefore, many people are at risk for this vulnerability.
You should also check the sync of your browser extensions. With this feature enabled, extensions from one of your browsers may also be moved from one device to another. For example, one of the problematic extensions may have been transferred from your home computer to your workplace computer.
What information do these extensions collect?
The variety and volume of information collected by this vulnerability is worrying. If you have one of the aforementioned extensions installed on your browser, it can steal the following information:
- user name
- Bank card information
- personal favorites
- Tax information
- Family Information
- Genetic information
Also, if you have one of these extensions installed on your work computer, it could steal your organization’s information such as company emails, firewall access codes and API keys. The information first is stolen by the plug-in and then sold to a company that specializes in data analysis.
How do plug-ins collect information?
Some add-ons that collect information point to their terms and conditions. There are usually details in the rules about notifications to collect browser information by extension. However, most users do not read the terms and conditions of extensions and it seems that if they were aware of the issue, they would not be allowed to access their information.
Sam is a security researcher who discovered the vulnerability and named it DataSpii . Even security measures such as authentication or encryption cannot prevent this information being stolen by this vulnerability. The vulnerability works with the Browser API which has legitimate uses but DataSpii exploits them.
Infected extensions use clever tricks to prevent detection. For example, the plug-in does not perform any suspicious activity for 2 hours after installation, and it starts working afterwards, meaning that if users check the installed plug-in carefully, they will not notice any wrongdoing because stealing information starts after 2 hours. Can be.
In addition, even if a user removes the plugin, the data collects by the plugin can still be sselling to other people.
What information sources do extensions infiltrate?
The most important information sources for extensions are collecting through share links. For example, suppose you want to create a video conversation via Skype and email the link to the other person to click on it and start the conversation.
If you have one of the aforementioned plug-ins installed, that plug-in can interfere with the link, and when you open it in a browser, the plug-in can intercept your actions. This way the plug-in can eavesdrop on your conversation. This can also happen in other conference software such as Zoom.
Another dangerous source of data for DataSpy is ancestral information sites like 23andMe.
When 23andMe prepares your DNA information , it will send you a link to share with friends and family if you wish.
If you click on the link above, the plugin can interfere with it and collect family DNA information and even biomedical data such as your muscle composition.
Information disclosure can also occur under all similar circumstances. For example, information leaks may occur when you visit your iCloud account or sign up for a custom Apple site. Also, if you use online accounting services like Quickbooks to manage your accounts, the extension can steal your financial information as well.
Why is it difficult to combat information disclosure?
Since extensions can spy on users through shared links, a person with an infected browser may unwittingly expose information to their friends, family or colleagues. That’s why it is so difficult for companies and individuals to combat this way of disclosing information. If someone you know has installed one of the infected plug-ins and shared a link with you or made a Skype video call with you, your data and information is at risk even though you have never installed the infected plug-in. Sam argues about it:
Even the most responsible are vulnerable to DataSpii . Despite the huge funding and the large number of specialists, the largest cyber security companies are still vulnerable to DataSpii . Our information is only as secure as we trust others.
Be careful when installing the browser extension
The recent incident clearly shows why precautions must be take before installing browser extensions, as even extensions that look harmless may contain malicious code or steal your information. For this reason, make sure you are reliable before installing any plug-in. Even a quick Google search can be very helpful.