MarioNet Browser Attack


Some info in the articles below:

 

https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/

https://www.ghacks.net/2019/02/26/marionet-attack-lets-hackers-control-your-browser-even-after-you-leave-the-attack-page/

 

To check whether Service Workers are active in your browser:

https://browserleaks.com/features

Pale Moon and Basilisk do not support Service Workers by default.
Also I.E.8 does not support Service Workers:

ugXRZ6cl_o.jpg

Edited by Sampei.Nihira

2 hours ago, Sampei.Nihira said:

Some info in the articles below:

 

https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/

https://www.ghacks.net/2019/02/26/marionet-attack-lets-hackers-control-your-browser-even-after-you-leave-the-attack-page/

 

To check whether Service Workers are active in your browser:

https://browserleaks.com/features

Pale Moon and Basilisk do not support Service Workers by default.
Also I.E.8 does not support Service Workers:

ugXRZ6cl_o.jpg

I am reading this on my phone.

Chrome on my iPhone 6 does not support service workers. Safari, however, does. :no:


Chrome 72.0.3626.105 on Android 5.1.1 doesn't support service workers, so it's not affected. I'm gonna check whether Chromium 54 does or not on my computer.


For those who want to take a more detailed test:

 

https://www.wilderssecurity.com/threads/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page.413876/#post-2812242

With Firefox / Pale Moon / New Moon / Basilisk, you do not need to install the extension, you can test directly.

Edited by Sampei.Nihira

I use Basilisk and used to use Firefox, which have these things turned off by default, and I don't think I've ever needed "service workers" for any Web page I've visited to work.

So why do "service workers" even exist? They seem to do nothing except create a security exposure.


Just FYI, original ZDNet article got updated:

Quote

UPDATE, February 28: Following the NDSS presentation and this article, Mozilla developers have looked into the reported attack and have concluded that Firefox is currently not susceptible to MarioNet attacks:

"While we are grateful for any responsibly-disclosed analysis or security work that might help us make Firefox a safer, more reliable product, the conclusions of this paper rely on a non-standard extension to ServiceWorkers that Firefox does not support, and we have been unable to replicate these claims in-house," a Mozilla spokesperson told ZDNet. "While we've reached out to the authors of this paper for clarification, we do not believe that Firefox users are affected by this vulnerability."

 


Sadly, Chromium 54 is affected:

nRYe3Kw.png

 

Unfortunately, in Chrome there is no built-in flag to disable service workers specifically, but service workers work with "cookies/site data", which you can find at chrome://settings/cookies, so blocking those actually disables service workers.

The thing is that cookies are actually useful...

7 hours ago, FranceBB said:

Sadly, Chromium 54 is affected:

nRYe3Kw.png

 

Unfortunately, in Chrome there is no built-in flag to disable service workers specifically, but service workers work with "cookies/site data", which you can find at chrome://settings/cookies, so blocking those actually disables service workers.

The thing is that cookies are actually useful...

http://prntscr.com/mth9nv

Opera is affected too though:(


Thanks for the tip. FF 51.0.1 has it enabled by default and I have just turned it off. Hopefully it will not disable any functionality on any of the sites that I visit.

Cheers

 

Edited by risk_reversal
10 hours ago, FranceBB said:

Sadly, Chromium 54 is affected:

nRYe3Kw.png

 

Unfortunately, in Chrome there is no built-in flag to disable service workers specifically, but service workers work with "cookies/site data", which you can find at chrome://settings/cookies, so blocking those actually disables service workers.

The thing is that cookies are actually useful...

With Chrome, you can block Service Workers as long as you also block Web Workers.
It can be done with the uMatrix extension.
But even with the uBlock Origin extension you only need to set up a rule.

23 minutes ago, Sampei.Nihira said:

But even with the uBlock Origin extension you only need to set up a rule.

Which rule should we set up to disable ServiceWorkers in the uBlock Origin extension?


The Browserleaks website doesn't do anything if JavaScript is disabled, and it also appears the MarioNet thing uses JavaScript.

Regarding Chrome, it may not say this specifically, but there is a setting in the advanced options, "Continue running background apps when Google Chrome is closed", which may be related to whether or not it will allow the Service Workers thing to run properly.


@FranceBB

In Chromium-based browsers, under "chrome://serviceworker-internals", the currently running scripts can be displayed, stopped and removed (with "Unregister") until the next call of certain web pages. The following websites were noticed:
When opening a new tab
https://www.4shared.com
https://www.youtube.com

Lastly, only HttpsProxy (ProxAddr and RearPort) helped interpose a proxy (Jana Server), where certain blocklist entries

youtube.com/sw.js
serviceworker.js
sw_*.js

helped put an end to these activities.
μBlock could not block these serviceworker scripts.

Since they have us a real s*** installed in Chrome, which can not be deactivated.

:)
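
An added example, not part of any post in this thread: the listing and unregistering that the last post does by hand in chrome://serviceworker-internals, done with the standard `navigator.serviceWorker.getRegistrations()` API from a page's devtools console. The function names are hypothetical, and reading the three blocklist entries from that post as suffix globs (the third as `sw_*.js`) is an assumption.

```javascript
// Added example: audit service worker registrations for the current origin.
// BLOCKLIST is the three proxy blocklist entries quoted in the post above,
// read here as suffix globs (an assumption about how the proxy matched them).
const BLOCKLIST = ['youtube.com/sw.js', 'serviceworker.js', 'sw_*.js'];

// "*" matches any run of characters within one path segment.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '[^/]*');
  return new RegExp('(^|[/.])' + escaped + '$');
}

function isBlocklisted(scriptURL, patterns = BLOCKLIST) {
  const u = new URL(scriptURL);
  const target = u.host + u.pathname; // ignore scheme, query and fragment
  return patterns.some((p) => globToRegExp(p).test(target));
}

// `container` is navigator.serviceWorker in a browser; it is a parameter so
// the logic can be exercised with a stand-in object.
async function auditRegistrations(container, patterns = BLOCKLIST) {
  const regs = await container.getRegistrations();
  return regs.map((reg) => {
    const worker = reg.active || reg.waiting || reg.installing;
    const scriptURL = worker ? worker.scriptURL : null;
    return {
      scope: reg.scope,
      scriptURL,
      state: worker ? worker.state : 'none',
      blocklisted: scriptURL ? isBlocklisted(scriptURL, patterns) : false,
      reg,
    };
  });
}

// Unregister blocklisted workers (or every worker when onlyBlocklisted is
// false); resolves to the scopes that were actually removed.
async function unregisterWorkers(container, onlyBlocklisted = true) {
  const removed = [];
  for (const entry of await auditRegistrations(container)) {
    if (onlyBlocklisted && !entry.blocklisted) continue;
    if (await entry.reg.unregister()) removed.push(entry.scope);
  }
  return removed;
}

// In a page's devtools console this reports that page's origin.
if (typeof navigator !== 'undefined' && navigator.serviceWorker) {
  auditRegistrations(navigator.serviceWorker).then((rows) =>
    console.table(rows.map(({ reg, ...row }) => row)));
}
```

`getRegistrations()` only sees registrations belonging to the origin of the page it is run on, and an unregistered worker comes back the next time the site registers it, which matches the "until the next call" behaviour described in the post.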
