Nice Cookie Encryption Scheme Google … Shame If Something Happened To It

Source: Bleeping Computer Nice Cookie Encryption Scheme Google … Shame If Something Happened To It

The Cookie Jar Is Wide Open Again

Google’s cookie encryption was a decent idea, a way to ensure that if a bad actor managed to get their fingers in your cookie jar, they wouldn’t be able to savour a cookie that was securely encrypted.  You are probably asking the obvious question; unfortunately data harvesting is far too lucrative to be able to ban cookies altogether.  The security of our personal browsing habits apparently pales when compared to the income of marketing companies and their customers.  Instead we have to depend on our cookies being protected from being accessed by those who shouldn’t be able to grab them.

Sadly, malware writers have already figured out how to get back in the cookie jar without needing to hit Google to get the key, and now a security researcher has revealed the process by which they do that.  It’s rather simple, grab the App-Bound encryption bypass tool from GitHub and drop it into the Google Chrome directory on a target computer which you have admin access to.  Run it and it can then decrypt any of the Chrome cookies on that computer.

So much for that brief moment of protection via cookie encryption.

The goal was to protect sensitive information from infostealer malware, which runs with the permissions of the logged user, making it impossible for it to decrypt stolen cookies without first gaining SYSTEM privileges and potentially raising alarms in security software.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!