Google Comes Up With A Strategy For Dealing With Cookie Theft

Tyler Cross, Senior Writer

Google has come up with a plan to combat cookie theft by tying users’ information to a cryptographic key.

Cookies are a simple method many websites employ to track and manage user data, but they can also contain private information that hackers are constantly probing for. While stealing cookies won’t give a hacker your password, it allows them to join sessions against your will and view anything you enter.

According to Google, cookie theft is a growing problem made worse by the sophisticated social engineering schemes that hackers use to steal your cookies. Once you are tricked into downloading malware from a supposedly trusted source, the hackers are free to steal your cookies every time you log in.

“Cookie theft like this happens after login, so it bypasses two-factor authentication and any other login-time reputation checks. It’s also difficult to mitigate via anti-virus software since the stolen cookies continue to work even after the malware is detected and removed,” reads a post on the Chromium blog.

“To address this problem, we’re prototyping a new web capability called Device Bound Session Credentials (DBSC) that will help keep users more secure against cookie theft.”

The idea is that each time you open a new browser, a new public/private key pair will be automatically generated. This ties the authentication process to your device, so hackers would need direct access to your device to steal your cookies.

If malware were used to steal cookies, the attacker wouldn’t have the key needed to authenticate and decipher the stolen data, making the cookies completely useless to steal. The new feature will be available for roughly half of all desktop Chrome users once it’s finished. Google based this number on the average user’s hardware capabilities.

“DBSC will be fully aligned with the phase-out of third-party cookies in Chrome.”

The development of this open project can be watched in real time on GitHub (WICG/dbsc).

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.
