Spying Browser Extensions: Analysis and Detection

Several studies have been conducted on understanding third-party user tracking on the web. However, web trackers can only track users on sites where they are embedded by the publisher, thus obtaining a fragmented view of a user’s online footprint. In this work, we investigate a different form of user tracking, where extensions enabled on a browser can capture the complete browsing behavior of a user and communicate the collected sensitive information to a remote server (untrusted by the user). We conduct the first large-scale empirical study of 218 spying browser extensions on the Chrome Web Store. We observe that these extensions steal a variety of sensitive user information, such as the complete browsing history of the users (e.g., the sequence of web traversals), online social network (OSN) access tokens, and IP address and geolocation of users. We present an in-depth analysis of the spying behavior of these extensions. Finally, we investigate the potential for automatically detecting spying extensions by applying machine learning schemes using a comprehensive set of features capturing various client-side and network behavior. Our findings highlight the importance of detecting and limiting user behavior tracking by browser extensions.
