Authors:
José Areia
1
;
2
;
Bruno Santos
1
;
2
and
Mário Antunes
1
;
3
Affiliations:
1
School of Management and Technology (ESTG), Polytechnic of Leiria, Leiria, Portugal
;
2
Computer Science and Communication Research Centre (CIIC), Polytechnic of Leiria, Leiria, Portugal
;
3
INESC TEC, Center for Research in Advanced Computing Systems, Porto, Portugal
Keyword(s):
Web Security, Browser Password Managers, Malware Development, Network Security, Security Analysis.
Abstract:
Memorising passwords poses a significant challenge for individuals, leading to the increasing adoption of password managers, particularly browser password managers. Despite their benefits to users’ daily routines, the use of these tools introduces new vulnerabilities to web and network security. This paper aims to investigate these vulnerabilities and analyse the security mechanisms of browser-based password managers integrated into Google Chrome, Microsoft Edge, Opera GX, Mozilla Firefox, and Brave. Through malware development and deployment, Dvorak is capable of extracting essential files from the browser’s password manager for subsequent decryption. To assess Dvorak functionalities we conducted a controlled security analysis across all aforementioned browsers. Our findings reveal that the designed malware successfully retrieves all stored passwords from the tested browsers when no master password is used. However, the results differ depending on whether a master password is used.
A comparison between browsers is made, based on the results of the malware. The paper ends with recommendations for potential strategies to mitigate these security concerns.
(More)
