According to Bleeping Computer, 483 of Alexa’s top 50,000 ranking websites were found to be recording users’ “every move,” including their keystrokes and mouse movements. This sort of information is typically sent to an analytics dashboard, where it can be intercepted if the transmission or storage is not secured properly, exposing user input and other sensitive data. Attacks on session replays can therefore pose a serious security concern for both organizations and end users, since an attacker who intercepts the recording obtains whatever the user typed before they even clicked to submit the form.
Session replay attacks, also known as playback attacks or replay attacks, are network attacks that maliciously “repeat” or “delay” a valid data transmission. An attacker can do this by intercepting a session and stealing the user’s unique session ID (stored as a cookie, in the URL, or in a form field). The attacker can then masquerade as the authorized user and is granted the same access that user has on the website.
For users, there are major privacy and security implications if websites use analytics services that record and insecurely store sensitive information. For example, a report by security researchers at Princeton University revealed that some of the analytics dashboards in the study logged passwords, credit card details, social security numbers, dates of birth, and other kinds of information that an attacker could use to commit online fraud such as identity theft.
How can users protect themselves, and what can website owners do to protect their visitors? Given how session replay attacks usually unfold, the countermeasures against them overlap substantially with general application security measures. Hence, traditional firewalls, web application firewalls, anti-virus programs, pop-up blockers, and anti-spyware tools work together to prevent session replay attacks.
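The tools above sit at the perimeter; as an added example (not code from the original post or from Cloudbric), the snippet below shows an application-level check against the repeated or delayed requests described earlier: each request carries a nonce and timestamp, is authenticated with a per-session key (assumed to be issued at login and delivered over TLS), and the server accepts a given nonce only once and only within a short window. The `ReplayGuard` class, the request values and the session IDs are constructed for illustration.

```python
import hashlib
import hmac
import secrets

WINDOW_SECONDS = 30  # how far a request's timestamp may drift from server time

def sign(key, session_id, nonce, timestamp, body):
    # Client and server compute the same tag with the per-session key issued
    # at login (assumed to reach the client over TLS, so it is never replayable).
    msg = f"{session_id}|{nonce}|{timestamp}|{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ReplayGuard:
    """Server side: accept each (session, nonce) pair once, and only while fresh."""
    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.keys = {}  # session_id -> per-session HMAC key
        self.seen = {}  # (session_id, nonce) -> server time when first accepted

    def start_session(self, session_id):
        self.keys[session_id] = secrets.token_bytes(32)
        return self.keys[session_id]

    def check(self, session_id, nonce, timestamp, body, tag, now):
        key = self.keys[session_id]  # unknown session raises KeyError (rejected)
        # 1. Integrity: a request altered in transit fails the tag check.
        if not hmac.compare_digest(sign(key, session_id, nonce, timestamp, body), tag):
            return "bad_signature"
        # 2. Freshness: a request delayed beyond the window is rejected.
        if abs(now - timestamp) > self.window:
            return "stale"
        # 3. Uniqueness: the same nonce seen again on this session is a replay.
        if (session_id, nonce) in self.seen:
            return "replay"
        self.seen[(session_id, nonce)] = now
        # Forget entries older than the window; step 2 already rejects those.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        return "ok"

def demo():
    # Constructed exchange: a legitimate request, the same capture replayed,
    # a copy delayed past the window, and a copy whose body was altered.
    guard, sid, t0, body = ReplayGuard(), "sess-A1", 1_700_000_000.0, "amount=100&to=alice"
    key, n1, n2 = guard.start_session(sid), secrets.token_hex(16), secrets.token_hex(16)
    tag1, tag2 = sign(key, sid, n1, t0, body), sign(key, sid, n2, t0, body)
    first = guard.check(sid, n1, t0, body, tag1, now=t0 + 1)
    replay = guard.check(sid, n1, t0, body, tag1, now=t0 + 5)
    late = guard.check(sid, n2, t0, body, tag2, now=t0 + 120)
    tamper = guard.check(sid, n2, t0, "amount=999&to=mallory", tag2, now=t0 + 2)
    return first, replay, late, tamper  # ("ok", "replay", "stale", "bad_signature")
```

The nonce cache is per-process here; a real deployment would keep it in shared storage so every server node rejects the same replays.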
Because session replay attacks can hand an attacker a website visitor’s identity and authentication information, they are a serious problem for website owners who have not implemented any of the recommendations above. For more on hacking trends, head over to Cloudbric’s blog!