Senator asks DHS if foreign-controlled browser extensions threaten the US

Nation-sponsored hackers have used extensions to spy before. Will they do it again? …

Photo illustration by Jakub Porzycki/NurPhoto via Getty Images

Enlarge / Photo illustration by Jakub Porzycki/NurPhoto via Getty Images
Getty Images

reader comments

13 with 12 posters participating

A US senator is calling on the Department of Homeland Security’s cybersecurity arm to assess the threat posed by browser extensions made in countries known to conduct espionage against the US.

“I am concerned that the use by millions of Americans of foreign-controlled browser extensions could threaten US national security,” Senator Ron Wyden, a Democrat from Oregon, wrote in a letter to Christopher Krebs, director of the DHS’ Cybersecurity and Infrastructure Security Agency. “I am concerned that these browser extensions could enable foreign governments to conduct surveillance of Americans.”

Also known as plugins and add-ons, extensions give browsers functionality not otherwise available. Ad blockers, language translators, HTTPS enforcers, grammar checkers, and cursor enhancers are just a few examples of legitimate extensions that can be downloaded either from browser-operated repositories or third-party websites.

Unfortunately, there’s a darker side to extensions. Their pervasiveness and their opaqueness make them a perfect vessel for stashing software that logs sites users visit, steals passwords they enter, and acts as a backdoor that funnels data between users and attacker-controlled servers.

Extensions: A short, sordid history

One of the more extreme examples of this type of malice came last year when Chrome and Firefox extensions were caught logging the browsing history of more than 4 million users and selling it online. People often think that long, complicated Web URLs prevent outsiders from being able to access medical or accounting data, but the systematic collection, dubbed DataSpii, proved the assumption wrong.

Among the sensitive

Continue reading – Article source

Similar Posts: