When using the browser we can suffer many types of attacks that compromise our security or privacy. Hackers use a wide variety of strategies to achieve their goal. This means that we must be protected and not make mistakes. In this article we are going to talk about a new attack against the browser that allows users to be tracked even with JavaScript disabled.
They attack the browser even with JavaScript disabled
A group of security researchers have found a new way to attack a browser by exploiting a flaw and being able to filter information with which to track users. This could happen even with JavaScript completely disabled .
This is specifically a side channel attack that does not require JavaScript to run. This means that script blockers will not be able to act to stop it. It is more complex to prevent and therefore puts users at risk.
By preventing JavaScript, side channel attacks can also result in microarchitecture sniffing attacks that work on hardware platforms, including Intel Core CPUs, AMD Ryzen, Samsung Exynos 2100, and Apple M1, making it the first attack of known lateral canal.
This study was conducted by security researchers at Ben-Gurion University, University of Michigan, and the University of Adelaide.
It should be noted that side channel attacks are generally based on indirect data such as timing, sound, power consumption, electromagnetic emissions, vibrations, and cache behavior with the aim of inferring secret data in a system. Specifically, microarchitecture side channels exploit the sharing of processor components in code running in different protection domains to leak secret information such as cryptographic keys.
In addition, studies have also previously shown fully automated attacks such as “Rowhammer.js” that rely solely on a website with malicious JavaScript to trigger remote hardware failures, thus gaining unrestricted access to website visitors’ systems. .
However, these attacks could be mitigated by disabling JavaScript. However this does not happen this time. They have seen that it works even in browsers like Tor or Chrome, which have JavaScript completely disabled.
How to avoid problems when browsing the Internet
As we always say, it is essential to maintain security when surfing the net. It is very important that we use security programs, such as an antivirus, in order to avoid attacks that could compromise us. But so is having the latest versions and all the patches installed. In this way we will correct vulnerabilities that may compromise us.
Now, if there is something fundamental to maintain security and privacy at all times, it is common sense . We need to avoid errors such as accessing malicious sites or reducing the impact of browsing the Internet through services that may be insecure.
The objective of all this is to be protected and face possible attacks that could put our data at risk. We need to keep privacy safe and also make equipment work as well as possible.