A new technique based on MapReduce could allow attackers to hijack computing resources used in cloud-based mobile browsers and use them anonymously, according to security researchers at the University of Oregon, North Carolina.
This navigation uses resources cloud computing (cloud) to render web pages and deliver them to the end user, instead of doing all the heavy lifting within the devices themselves. The researchers said the technique is particularly useful in mobile browsers, because, otherwise, they depend on the hardware of a device less powerful. The Opera Mini Silk and Android browsers are more known for using this technique, although there are others.
However, the cloud used to do the heavy lifting can be deceived to undertake a number of other tasks, according to the researchers, who wrote an article on the subject. They call the technique of MapReduce or BMR.
The team tested the idea by storing data in URL shortening sites. They succeeded in deceiving both sites and have made the browser vendors carry out processes in cloud computing for them. Assistant Professor William Enck, coauthor of the study, said in a statement that the team limited the amount of data processed in 100MB. “It could have been much more, but we did not want to overload any of the free services we use,” he said. Used maliciously, Enck said, the technique can provide crackers great processing power, temporarily and completely anonymous, enabling discovered passwords or perform other tasks at great speed arbitrary.Depending on the scale of the attack, users may not realize that something is wrong, he said.“It depends on how well-stocked the browser platform is cloud as well as the size of the work that the attacker is running. Operators cloud browsers that are monitoring the use of resources will notice an increase in the use of the service. However, respond to attacks BMR requires an operator to construct additional defenses in its framework, “Enck said.