1. Forum
  2. TQWNet
  3. TQW GENTECH

  • QR codes can be used to crack this vital browser security tool

    From TechnologyDaily@1337:1/100 to All on Monday, December 09, 2024 20:45:05
    QR codes can be used to crack this vital browser security tool

    Date:
    Mon, 09 Dec 2024 20:24:00 +0000

    Description:
    Browser isolation can easily be bypassed with QR codes, but the method has
    its drawbacks.

    FULL STORY ======================================================================Browser isolation runs all scripts in a remote, or virtual environment, but QR codes still make it through If a device is infected with malware, it can get commands via QR codes, rendering browser isolation useless The method works, but has its limitations

    Cybersecurity researchers from Mandiant claim to have discovered a new way to get malware to communicate with its C2 servers through the browser, even when the browser is isolated in a sandbox.

    There is a relatively new method of protecting web-borne cyberattacks, called browser isolation. It makes the victims browser communicate with another browser, located in a cloud environment, or a virtual machine. Whatever commands the victim inputs are relayed to the remote browser, and all they
    get in return is the visual rendering of the page. Code, scripts, commands, all get executed on the remote device.

    One can think of it as browsing through the lens of a phones camera. Limits and drawbacks

    But now, Mandiant believes that C2 servers (command & control) can still talk to the malware on the infected device, regardless of the inability to run
    code through the browser, and that is - via QR codes. If a computer is infected, the malware can read the pixels rendered on the screen, and if theyre a QR code, that is enough to get the program to run different actions.

    Mandiant prepared a proof-of-concept (PoC) showing how the method works on
    the latest version of Google Chrome, sending the malware through Cobalt Strikes External C2 feature.

    The method works, but its far from ideal, the researchers added. Since the data stream is limited to a maximum of 2,189 bytes, and since there is a roughly 5-second latency, the method cannot be used to send large payloads,
    or facilitate SOCKS proxying. Furthermore, additional security measures such as URL scanning, or data loss prevention, may render this method completely useless.

    Still, there are ways the method could be abused to run destructive malware attacks. Therefore, IT teams are advised to still keep an eye on the flow of traffic, especially from headless browsers running in automation mode.

    Via BleepingComputer You might also like Another major US healthcare organization has been hacked, with potentially major consequences Here's a list of the best antivirus These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/qr-codes-can-be-used-to-crack-this-vita l-browser-security-tool


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)