You probably know better than to click on links that download unknown files to your computer. It turns out that you were also in trouble when uploading files.
Today’s web browsers are much more powerful than earlier generations of browsers. They are able to manipulate data within the browser and the computer’s local file system. Users can send and receive email, listen to music or watch a movie within a browser with the click of a button.
Unfortunately, these capabilities also mean that hackers can find clever ways to abuse browsers to trick you into allowing ransomware to lock your files when you think you’re going about your normal tasks on line.
I am a computer scientist who studies cyber security. My colleagues and I showed how hackers can access your computer’s files through the File System Access Application Programming Interface (API), which enables web applications in modern browsers to interact with users’ local file systems .
The threat affects Google Chrome and Microsoft Edge browsers but not Apple’s Safari or Mozilla Firefox. Chrome accounts for 65% of browsers used, while Edge accounts for 5%. As far as I know, there have been no reports so far of hackers using this method.
My colleagues, including a Google security researcher, and I communicated with the developers responsible for the File System Access API, and they expressed support for our work and interest in our approach to protecting against this type of attack. We also filed a security report with Microsoft but haven’t heard back from them.
A double-edged sword
Today’s browsers are almost operating systems themselves. They can run software programs and encrypt files. These capabilities, along with the browser’s access to the host computer’s files – including those in the cloud, shared folders and external drives – through the File System Access API create a new opportunity for ransomware.
Imagine you want to edit photos on a harmless free online photo editing tool. When you upload the photos for editing, any hackers who control the malicious editing tool can access the files on your computer through your browser. The hackers would get access to the folder you are uploading and all the subfolders. The hackers could then encrypt the files in your file system and demand a ransom payment to decrypt them.
Ransomware is a growing problem. Attacks have hit individuals as well as organizations, including Fortune 500 companies, banks, cloud service providers, cruise operators, threat monitoring services, chip manufacturers, governments, medical centers and hospitals, insurance companies, schools, universities and even police departments. In 2023, organizations paid more than US$1.1 billion in ransom payments to attackers, and 19 ransomware attacks targeted organizations every second.
No wonder ransomware is the No. 1 arms race. 1 today between hackers and security specialists. Traditional ransomware runs on your computer after hackers trick you into downloading it.
New defenses for a new threat
I lead a team of researchers at Florida International University’s Cyber-Physical Systems Security Laboratory, including postdoctoral researcher Abbas Acar and Ph.D. Candidate Harun Oz, together with Google’s Senior Research Scientist, Güliz Seray Tuncay, has been investigating this new type of potential ransomware for the past two years. Specifically, we were investigating how powerful modern web browsers are and how hackers can weaponize them to create new forms of ransomware.
In our paper, RøB: Ransomware across Modern Web Browsers, presented at the USENIX Security Symposium in August 2023, we showed how easy this emerging ransomware strain is to design and how harmful it can be. to be In particular, we designed and implemented the first browser-based ransomware called RøB and analyzed its use with browsers running on three different major operating systems – Windows, Linux and MacOS – five cloud providers and five antivirus products.
Our evaluations showed that RøB is able to encrypt multiple file types. Because RøB runs inside the browser, there are no malicious uploads to catch a traditional antivirus program. This means that existing ransomware detection systems have some issues against this powerful browser-based ransomware.
We proposed three different protection approaches to mitigate this new type of ransomware. These approaches operate at different levels – browser, file system and user – and complement each other.
The first approach temporarily stops a web application – a program that runs in the browser – to detect encrypted user files. The second approach monitors the web application activity on the user’s computer to identify ransomware-like patterns. The third approach introduces a new permission dialog box to inform users of the risks and implications of allowing web applications to access their computer’s file system.
When it comes to protecting your computer, be careful about where you upload as well as download files. Your uploads may be giving hackers access to your computer.
This article is republished from The Conversation, a non-profit, independent news organization that brings you reliable facts and analysis to help you make sense of our complex world. It was written by: Selcuk Uluagac, Florida International University
Read more:
This research was completed in 2023 and received partial funding from the US National Science Foundation, Cyber Florida, and Google ASPIRE. The views expressed are solely those of the author, not those of the funding agencies. The author also thanks the developers of the FSA API at Google for their support and collaboration on the original USENIX Security paper in 2023.