Security News

Browser Flaws Exposed Local Area Networks at Health, Drug Firms

Vulnerabilities in Chrome and Firefox browser extensions enabled attackers to access local area networks (LANs) of several healthcare and pharmaceutical companies, according to a report by security firm DataSpii.


By Fred Donovan


Healthcare and drug companies whose LANs were affected by the security flaws included AthenaHealth, Epic Systems, Kaiser Permanente, Merck, Pfizer, and Roche.

The report explained that the attackers were able to collect sensitive data from those LANs.

The vulnerabilities were discovered in eight Chrome and Firefox browser extensions, which resulted in the leak of personally identifiable information and corporate information. The extensions were Hover Zoom (Chrome), SpeakIt! (Chrome), SuperZoom (Chrome and Firefox), SaveFrom.net Helper (Firefox), FairShare Unlock (Chrome and Firefox), PanelMeasurement (Chrome), Branded Surveys (Chrome), and Panel Community Surveys (Chrome).

Although the extensions were disabled by Google and Mozilla, they continued to collect data, so DataSpii recommended that the extensions be removed from browsers rather than merely disabled.

The data was made available to members of an unnamed service, known as Company X.

“Company X members could search the website traffic data for nearly any domain name and find confidential corporate memos, zero-day security vulnerabilities, as well as impacted users’ tax returns, GPS locations, travel itineraries, credit card details, or possibly any URL he or she may have opened with their browser,” explained DataSpii.

By devising a LAN experiment, DataSpii was able to observe the Hover Zoom extension collect hyperlinks stored in the page content of its LAN website. It also observed the dissemination of its LAN data to three different host names. The data included the LAN’s IP address, host name, page title, timestamp of the visit, and URLs of page resources referenced in the HTML code. It was then provided to members of Company X.
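The experiment above describes what leaked: a private IP, an internal host name, a page title, a timestamp and the URLs of page resources, all posted from the browser to external host names. A defender can hunt for that pattern in egress logs. The script below is an added example, not code from the article or from DataSpii: it scans constructed proxy-log lines (the log format, the `INTERNAL_SUFFIXES` list and the host names are all assumptions for the demo) and flags outbound POSTs to non-internal destinations whose body carries private IPs or internal host names.

```python
"""Flag outbound requests whose payload carries LAN-internal identifiers.

Added example, not from the article or DataSpii. The log format, the
internal DNS suffixes and every host name below are constructed for
the demo; adapt parse_line() to your proxy's real format.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed: DNS suffixes this organisation treats as internal.
INTERNAL_SUFFIXES = (".corp.example", ".local", ".internal")

# Constructed proxy log: "<ts> <client> <method> <url> <body or ->".
# Line 1 mirrors the shape of data the article describes leaving a LAN.
SAMPLE_LOG = """\
2019-07-18T14:02:11Z 10.20.30.41 POST https://collector.example-tracker.net/ingest {"ip":"10.20.30.41","host":"intranet.corp.example","title":"Q3 budget memo","ts":1563458531,"urls":["http://intranet.corp.example/memos/q3.pdf","https://cdn.example.com/app.js"]}
2019-07-18T14:02:15Z 10.20.30.41 GET https://www.example.com/news/today -
2019-07-18T14:02:20Z 10.20.30.42 POST https://intranet.corp.example/api/save {"title":"expense report","urls":["http://intranet.corp.example/forms/1"]}
2019-07-18T14:02:31Z 10.20.30.43 POST https://metrics.example-tracker.net/v1 {"title":"Public homepage","urls":["https://www.example.com/"]}
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(
    r"\b[\w.-]+(?:" + "|".join(re.escape(s) for s in INTERNAL_SUFFIXES) + r")\b"
)


def is_private_ip(token):
    """True for RFC 1918 / loopback / link-local addresses, False otherwise."""
    try:
        return ipaddress.ip_address(token).is_private
    except ValueError:
        return False


def is_internal_host(host):
    """A destination is internal if it is a private IP or carries an internal suffix."""
    if host is None:
        return False
    host = host.lower()
    return is_private_ip(host) or host.endswith(INTERNAL_SUFFIXES)


def internal_refs(text):
    """Return LAN identifiers (private IPs, internal host names) found in text, deduplicated."""
    found = []
    for tok in IPV4_RE.findall(text):
        if is_private_ip(tok) and tok not in found:
            found.append(tok)
    for tok in HOST_RE.findall(text):
        tok = tok.lower()
        if tok not in found:
            found.append(tok)
    return found


def parse_line(line):
    """Split one constructed log line into its fields; '-' means no body."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, url, body = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "body": "" if body == "-" else body}


def find_exfil(log_text):
    """Return one finding per request that ships LAN identifiers to an external host."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["body"]:
            continue
        dest = urlparse(rec["url"]).hostname
        if is_internal_host(dest):
            continue  # traffic staying inside the LAN is not the pattern we want
        refs = internal_refs(rec["body"])
        if refs:
            findings.append({"ts": rec["ts"], "client": rec["client"],
                             "dest": dest, "refs": refs})
    return findings


if __name__ == "__main__":
    for f in find_exfil(SAMPLE_LOG):
        print(f"{f['ts']} {f['client']} -> {f['dest']}: {', '.join(f['refs'])}")
```

On the constructed log only the first line is reported: it is a POST to an external collector whose body names a private IP and an internal host. The GET without a body, the POST to the intranet itself, and the POST that carries only public URLs are all ignored. The heuristic needs request bodies, so in practice it runs over TLS-inspection or DLP output rather than plain connection logs, and the suffix list has to be tuned to the organisation's own namespace.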

Other companies impacted by the vulnerabilities included tech giants Amazon, Apple, Dell, Facebook, Microsoft, and Oracle, as well as cybersecurity firms AlienVault, FireEye, Palo Alto Networks, Symantec, and Trend Micro. Other firms included 23andMe, American Airlines, Atlassian, Blue Origin, BuzzFeed, Capital One, Cardinal Health, DrChrono, Intuit, Kareo, NBC Digital, Nest, NetApp, Reddit, Shopify, Southwest Airlines, SpaceX, Tesla, T-Mobile, Uber, UCLA, Under Armour, United Airlines, Walmart, Zendesk, and Zoom Video Communications.