Sunday, August 18, 2013

How Google Chrome Lets Anybody See Your Passwords

Daniel G. J.
by
August 17th, 2013
Updated 08/17/2013
Google’s Chrome browser and operating system may be revealing your secret passwords to everyone from coworkers to absolute strangers.
Google Chrome logo.One of the most popular features of Chrome is its ability to store passwords. That way they pop up automatically when you go to a function like email or Facebook. Elliot Kember, a software developer, discovered that anybody who clicks on the Chrome settings icon can see all of the passwords on that computer if he or she goes to the show advanced settings and passwords and forms sections.
The passwords are obscured, but clicking next to them causes them to appear in plain text. The text can be easily copied and emailed or seen by anybody that uses the computer. That means it would be easy for a hacker or malicious stranger that opened a computer with Chrome on it to see all of your passwords.
What’s really disturbing is that the head of Chrome development at Google, Justin Schuh, told The Guardian that he knows all about the flaw. Worse, Schuh said that there are no plans to correct it. In a piece he wrote on the website ‘Hacker News’, Schuh explained:
“…we don’t want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything.”
One has to wonder why this flaw has not been fixed. It would certainly make a hacker’s job easier, let alone the job of the NSA or spy agency. If the source computer used Chrome, all the hacker would have to do is go to the settings icon to get the user’s email passwords. One security expert told The Guardian:
“The fact you can view the passwords means they are stored in reversible form which means that the dark coders out there will be writing a Trojan to steal that password store as we speak.”
It has been revealed that large Internet companies such as Google and Microsoft have worked closely with the National Security Agency. There is even evidence that Skype (now part of Microsoft) helped the NSA get easy access to customer data. Therefore we need to ask, is this flaw actually helping these companies access your data even easier than before?
The surveillance state might be making it easier than ever for hackers to steal our personal information. The quest for national security appears to be endangering the security of the private individual.

No comments:

Post a Comment