Cache Attack: Firefox as the New Weapon of Cyber Criminals

June 20, 2018

A web cache stores copies of site data that are automatically downloaded so that pages load faster on your next visit to the same site. It’s a typical web practice that normally wouldn’t warrant any suspicion, but recent research finds that cyber criminals can abuse it to attack a website’s visitors.

The research team from PortSwigger Web Security, under the supervision of its head James Kettle, recently discovered a way to hack into sites by exploiting how web caching works. By further exploiting an API for one of Mozilla Firefox’s web cache plug-ins, Kettle spoke of how even DDoS attacks and credential theft can be made possible.

Moreover, this kind of attack orders the web cache to propagate malware or redirect unknowing victims to malicious pages by forcefully whitelisting suspicious URLs. Kettle achieved this through cache poisoning, which he used to attack the back end of the browser that checks for and sends plug-in updates, as well as application updates. “I found by accident … that I was able to use cache poisoning to effectively input some limited commands to Firefox browser users worldwide,” he comments. “If you opened Firefox, I got control of it.”

“It’s not specific to any given technology or any given cache,” says Kettle, as he starts hacking away at the web caching infrastructure of a US government agency, a popular cloud platform provider, a hosting platform provider, a software product, a video game, an investment firm’s investor information, and several online stores. “It’s sort of a design flaw in the way caching and websites work.”

Unfortunately for cyber criminals, Mozilla already fixed this in an update last January, within 24 hours of James Kettle’s report.

Even though this particular issue was resolved, it is unlikely to remain an isolated case in the future. Hence users should be aware of the extent to which web caching can be twisted into a threat. Some tips include:

For Companies: It is always best practice to block connections to the internal network from outside and to use corporate proxies when visiting outside resources. It also helps to monitor traffic from your own company sites; a sudden influx of visitors that wasn’t forecasted is suspicious.
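
One way to act on the traffic-monitoring tip, as an added example that is not from the original article or from PortSwigger: the script counts distinct client IPs per minute in access log lines and flags minutes that far exceed the recent median. The combined log format, the thresholds (`window`, `factor`, `floor`) and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from statistics import median

# Combined/common log format prefix: client IP, two fields, [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def visitors_per_minute(lines):
    """Count distinct client IPs per clock minute; quiet minutes count as 0."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the run
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        seen.setdefault(ts.replace(second=0), set()).add(m.group(1))
    counts, t = {}, min(seen, default=None)
    while t is not None and t <= max(seen):
        counts[t] = len(seen.get(t, ()))
        t += timedelta(minutes=1)
    return counts

def find_spikes(counts, window=5, factor=3.0, floor=5):
    """Flag minutes with at least `floor` visitors and >= factor x the
    median of the previous `window` minutes (thresholds are assumptions)."""
    minutes = list(counts)
    spikes = []
    for i in range(window, len(minutes)):
        baseline = median(counts[m] for m in minutes[i - window:i])
        if counts[minutes[i]] >= max(floor, factor * baseline):
            spikes.append((minutes[i], counts[minutes[i]], baseline))
    return spikes

def sample_log():
    """Constructed sample: six quiet minutes, then 20 distinct clients."""
    lines = ["not an access log line"]
    for minute, n in enumerate([3, 4, 3, 2, 4, 3, 20]):
        for host in range(1, n + 1):
            lines.append(f'198.51.100.{host} - - [20/Jun/2018:10:{minute:02d}:07 '
                         f'+0000] "GET / HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for minute, count, baseline in find_spikes(visitors_per_minute(sample_log())):
        print(f"{minute:%H:%M} {count} visitors (recent median {baseline})")
```

A flagged minute is a prompt to check what the cache served during that window, not proof of an attack; tune the thresholds against your own normal traffic.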
