Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API
The Chromium open-source project has become a fundamental piece of the Web as
we know it today, with multiple vendors offering browsers based on its
codebase. One of its most popular features is the possibility of altering or
enhancing the browser functionality through third-party programs known as
browser extensions. Extensions have access to a wide range of capabilities
through the use of APIs exposed by Chromium. The Debugger API -- arguably the
most powerful of such APIs -- allows extensions to use the Chrome DevTools
Protocol (CDP), a capability-rich tool for debugging and instrumenting the
browser. In this paper, we describe several vulnerabilities present in the
Debugger API and in the granting of capabilities to extensions that can be used
by an attacker to take control of the browser, escalate privileges, and break
context isolation. We demonstrate their impact by introducing six attacks that
allow an attacker to steal user information, monitor network traffic, modify
site permissions (e.g., access to camera or microphone), bypass security
interstitials without user intervention, and change the browser settings. Our
attacks work in all major Chromium-based browsers as they are rooted at the
core of the Chromium project. We reported our findings to the Chromium
Development Team, who already fixed some of them and are currently working on
fixing the remaining ones. We conclude by discussing how questionable design
decisions, lack of public specifications, and an overpowered Debugger API have
contributed to enabling these attacks, and propose mitigations.
Measuring the global recursive DNS infrastructure: a view from the edge
The Domain Name System (DNS) is one of the most critical Internet subsystems. While the
majority of ISPs deploy and operate their own DNS infrastructure, many end users resort to third-party DNS
providers with hopes of enhancing their privacy, security, and web performance. However, bad user choices
and the uneven geographical deployment of DNS providers could render insecure and inefficient DNS
configurations for millions of users. In this paper, we propose a novel and flexible measurement method to
(1) study the infrastructure of recursive DNS resolvers, including both ISPs' and third-party DNS providers'
deployment strategies; and (2) study end-user DNS choices, both in a timely manner and at a global scale. For
that, we leverage the outreach capacity of online advertising networks to distribute lightweight JavaScript-based
DNS measurement scripts. To showcase the potential of our technique, we launch two separate ad
campaigns that triggered more than 3M DNS lookups, which allow us to identify and study more than
76k recursive DNS resolvers giving support to more than 25k eyeball ASes in 178 countries. The analysis
of the data offers new insights into the DNS infrastructure, such as user preferences towards third-party
DNS providers (namely, Google, OpenDNS, Level3, and Cloudflare recursive DNS resolvers account for
~13% of the total DNS requests triggered by our campaigns), and into deployment decisions of many ISPs
providing both mobile and fixed access networks to separate the DNS infrastructure serving each type of
access technology.
This work was supported in part by the Spanish Grant TIN2017-88749-R (DiscoEdge), in part by the Region of Madrid EdgeData-CM
Program under Grant P2018/TCS-4499, in part by the Ministerio de Economía y Empresa, Spain, under Project TEC2016-76795-C6-3-R
and Grant RyC-2015-17732, and in part by the European H2020 Project SMOOTH under Grant 786741.
An analysis of fake social media engagement services
Fake engagement services allow users of online social media and other web platforms to illegitimately increase their online reach and boost their perceived popularity. Driven by socio-economic and even political motivations, the demand for fake engagement services has increased in recent years, which has incentivized the rise of a vast underground market and support infrastructure. Prior research in this area has been limited to the study of the infrastructure used to provide these services (e.g., botnets) and to the development of algorithms to detect and remove fake activity on the targeted online platforms. Yet, the platforms on which these services are sold (known as panels) and the underground markets offering these services have not received much research attention. To fill this knowledge gap, this paper studies Social Media Management (SMM) panels, i.e., reselling platforms, often found in underground forums, on which a large variety of fake engagement services are offered. By daily crawling 86 representative SMM panels for 4 months, we harvest a dataset with 2.8 M forum entries grouped into 61k different services. This dataset allows us to build a detailed catalog of the services for sale and the platforms they target, and to derive new insights on fake social engagement services and their market. We then perform an economic analysis of fake engagement services and their trading activities by automatically analyzing 7k threads in underground forums. Our analysis reveals a broad range of offered services and levels of customization, where buyers can acquire fake engagement services by selecting features such as the quality of the service, the speed of delivery, the country of origin, and even personal attributes of the fake account (e.g., gender). The price analysis also yields interesting empirical results, showing significant disparities between prices of the same product across different markets.
These observations suggest that the market is still undeveloped and sellers do not know the real market value of the services that they offer, leading them to underprice or overprice their services.
This work was supported by the EU Horizon 2020 Research and Innovation Program under Grant agreement no. 101021377 (TRUST aWARE); the Spanish grants ODIO (PID2019-111429RB-C21 and PID2019-111429RB-C22), and the Region of Madrid grant CYNAMON-CM (P2018/TCS-4566), co-financed by European Structural Funds ESF and FEDER.
A Multi-perspective Analysis of Carrier-Grade NAT Deployment
As ISPs face IPv4 address scarcity they increasingly turn to network address
translation (NAT) to accommodate the address needs of their customers.
Recently, ISPs have moved beyond employing NATs only directly at individual
customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply
address translation to many independent and disparate endpoints spanning
physical locations, a phenomenon that so far has received little in the way of
empirical assessment. In this work we present a broad and systematic study of
the deployment and behavior of these middleboxes. We develop a methodology to
detect the existence of hosts behind CGNs by extracting non-routable IP
addresses from peer lists we obtain by crawling the BitTorrent DHT. We
complement this approach with improvements to our Netalyzr troubleshooting
service, enabling us to determine a range of indicators of CGN presence as well
as detailed insights into key properties of CGNs. Combining the two data
sources we illustrate the scope of CGN deployment on today's Internet, and
report on characteristics of commonly deployed CGNs and their effect on end
users.