Data Theft and Backdoor Placement Attacks on Google Gears’ Users
This paper describes multiple stealthy and remote attacks against users of Google Gears which could have impacts ranging from stealing the entire Gmail Inbox of the victim to setting permanent backdoors in popular sites like Gmail, MySpace, WordPress, Google Docs etc.
For a website to make use of Google Gears, the user should explicitly permit the site to make use of Gears. Once this is done the site can store data on the user’s hard disk, in the form of SQLite databases. The site can read, write and alter this database. Gears also lets the site to save and serve pages locally from the user’s system, in effect, creating a web server on the user’s system. All of Google Gears’ features are accessible using the Gears API from JavaScript.
Download PDF
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Google Gears for Attackers”
Leave a reply