“Leaky” registration forms
A research team from KU Leuven and the Universities of Nijmegen and Lausanne found that many sites collect users’ personal data through “leaky” registration forms. The scientists’ results were published under the title Leaky Forms.
This means that when a user fills in the fields while signing up for a particular platform, the site copies and saves the information before the user clicks the submit button. Canceling the operation does not change this: the data is saved as soon as the user starts filling in the form.
Leaky forms work on the same principle as a keylogger, malware that records the user’s keystrokes and mouse movements. Some sites collect user data this way. Others pull the information directly from the form fields: for example, when a visitor clicks on the password field, the site copies the data from the already filled-in “email” field.
According to the study, nearly 5,000 sites collected data from users in Europe and the United States, including those that interrupted the registration process.
This resulted in more than 7,000 email addresses being leaked.
Tools that capture exactly what a person enters into a form are not used on all sites, but they are very popular overall, says Alexander Vurasko, head of digital threat analysis at Infosecurity a Softline Company.
“Their main goal is to follow up with potential buyers who change their minds at the last moment. These are the so-called marketing trackers. They are used both outside of Russia and in Russian sources. This functionality is just one of the tools designed to monitor user activity.
It will be no secret to anyone that sites can determine where the user came from, which link he clicked, which products he viewed, which operating system and browser he used, and much more.
All this allows you to create a unique user fingerprint, which can then be sold to advertising companies for better ad targeting,” Vurasko explained.
Some sites even recorded password hashes. Hashing is a one-way process in which information is converted into a fixed set of characters. However, attackers can crack such a password hash, according to Anton Chumakov, head of product development at Crosstech Solutions Group.
“The truth is, users often come up with standard passwords like qwerty that have long been known to attackers. To many, a hack may seem unexpected if the password hash is compromised. However, hashes are also known to hackers – they create rainbow tables [lookup tables for cryptographic hash functions: Gazeta.Ru], which contain password/hash pairs, and thanks to them they know, for example, that the hash d8578edf8458ce06fbc5bb76a58c5ca4 corresponds to the password “qwerty”. Also, do not forget about the risk of the database collected in this way leaking,” Chumakov explained.
How to close the hole
Since the study showed that deleting the data from a form before submitting it may not be enough, the scientists developed the LeakInspector extension for the Firefox browser to detect such “leaky” forms.
It is almost impossible for an average person to assess the security of a form and to know, before giving consent, that the information has already been sent to a database. To avoid this, experts advise being careful with your data and not registering on dubious sites. In addition, you can use special services.
“For example, WHOIS or 2IP, which provide free information about a registered domain. Users should be careful when entering their personal data if it has been created recently or is listed as malicious. To detect this type of fraud, you can use the browser in developer mode to monitor the actions of site scripts and control data submission while filling in the form. The authors used a similar approach in their work, as well as deciphering information that could be passed on to third parties to confirm their hypotheses,” says Andrey Slobodchikov, an information security expert at the Digital Economy League.
Source: Gazeta