Technology News

latest updates from easySERVICE™

Browser stores data, such as credit card numbers, in plaintext in Web history on local storage

Web browser

Google Chrome users should take extra precautions when using the browser to type personal data, such as credit card numbers, into website forms, experts say.

Additional steps are necessary because Chrome will store the data in plaintext in its Web history log on the hard drive. The browser retrieves the information as needed to avoid having the user retype the same data into other forms.

Researchers at Identity Finder created proof-of-concept malware that could take the data and send it to a third party. The security vendor claims Google could make the process more difficult for hackers by having the browser encrypt the data before it is stored.

Chrome lets the operating system encrypt the data, if that’s how the user has the OS configured. With Windows, Microsoft offers full disk encryption through its BitLocker feature.

“It would be harder to get at the data (if encrypted),” Aaron Titus, chief privacy officer for Identity Finder, said.

Google said the vendor’s is making a lot out of nothing because Chrome gives the user full control over how it stores data.

“Chrome asks for permission before storing sensitive information like credit card details, and you dont have to save anything if you dont want to,” the company said in a statement sent to CSOonline.

“Furthermore, data stored locally by Chrome will be encrypted if supported by the underlying operating system.”

Other experts did not consider Chrome’s handling of personal data a serious problem.

“I believe it makes sense to store the Web history information in an encrypted format to avoid this information leakage problem, but it is not a critical issue,” Wolfgang Kandek, chief technology officer for Qualys, said.

Malware written to steal information from a PC would go after much more than a browser history log, Kandek said. For example, the malicious software would likely intercept keystrokes to steal credentials used on Websites and grab data from unlocked password stores.

Have something to add to this story? Share it in the comments.

Source: Associated Press

Advertisements

One comment on “Browser stores data, such as credit card numbers, in plaintext in Web history on local storage

  1. StellarPhoenixS
    July 24, 2014

    Reblogged this on Stellar Phoenix Solutions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: