New Browser cache-based side-channel Attack

Recently, a group of security researchers from the University of Michigan, the University of the Negev, and the University of Adelaide have discovered the very first browser-based side-channel attack. 

This new form of attack is entirely built from the CSS and HTML code, which not only makes it multiplatform but also enables the attackers to attack even browsers with enhanced security, for example, Tor Browser.

This means that the script blockers will not be able to stop it; in short, it will become more complex to prevent, and put the users at risk.

We all know that web browsers are the most common and easy medium to track the users even when they have JavaScript completely disabled on their systems. Apart from this, analysts have dubbed this new form of attack as CSS Prime+Probe.

JavaScript Types and Inheritance

Javascript Types: JavaScript is an object-oriented language, where every value is there own object, but it excludes several fundamental primitive types. 

In the case of object typing, JavaScript frequently uses “duck typing”, here the object is contemplated to have an expected type as soon as it has the suspected methods or properties.

UT 1

Inheritance: In the case of inheritance JavaScript utilizes a prototypal inheritance model, here’s each and every object can have a rare prototype object. While searching for a property of an object, JavaScript initially checks the object itself. 

But if the property is not ascertained in the object, then the JavaScript, continues to check its prototype, till it finds the property or approaches an object that has no prototype. 

Browsers attacked

Attackers targeted and attacked the following browsers that are mentioned below:-

  • Chrome
  • Mozilla Firefox
  • Tor Browser
  • DeterFox

Who’s at risk, and how to protect yourself?

The no-JavaScript attack has been found to work on most modern CPUs, including Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1. Interestingly, the results show that Apple’s M1 and Samsung’s Exynos chips can sometimes be more sensitive to these types of complex attacks.

However, researchers have reported in the paper as proof of concept that side-channel attacks are quite difficult to prevent. But it does not show or tells clearly that this type of vulnerability is actively being exploited in the wild or not.

Moreover, the cybersecurity researchers asserted that it’s very important that every user must use security tools like Antivirus, Malware scanners, etc. As these kind of programs will help the users to circumvent and protect themselves from all types of unwanted threats and attacks.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.