Crashing Privacy: An Autopsy of a Web Browser's Leaked Crash Reports

08/06/2018
by Kiavash Satvat, et al.

Harm to the privacy of users through data leakage is not an unknown issue; however, it has not been studied in the context of crash reporting systems. Automatic Crash Reporting Systems (ACRS) are used by applications to report information about the errors that occur during a software failure. Although crash reports are valuable for diagnosing errors, they may contain users' sensitive information. In this paper, we study such privacy leakage in browsers' crash reporting systems. As a case study, we mine a dataset consisting of crash reports collected over a period of six years. Our analysis shows the presence of more than 20,000 sessions and token IDs, 600 passwords, 9,000 email addresses, an enormous amount of contact information, and other sensitive data. Our analysis sheds light on an important security and privacy issue in current state-of-the-art browser crash reporting systems. Further, we propose a hotfix to enhance users' privacy and security in ACRS by removing sensitive data from the crash report prior to submitting the report to the server. Our proposed hotfix can be easily integrated into the current implementation of ACRS and has no impact on the process of fixing bugs, while maintaining the reports' readability.
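To illustrate the kind of client-side scrubbing the abstract describes, here is an added example; it is not the paper's hotfix or any browser's code. The key-name list, placeholders and sample report are assumptions constructed for illustration.

```python
import re

# Substrings of parameter names assumed to carry secrets (illustrative list,
# not taken from the paper).
KEY = r"[\w-]*(?:pass|pwd|token|secret|sess(?:ion)?_?id|api_?key)[\w-]*"
# key=value or key: value. A ':' followed by another ':' is a C++ scope
# operator in a stack frame, not a separator, so it is left alone.
KV_RE = re.compile(rf"(?i)({KEY})(\s*(?:=|:(?!:))\s*)([^\s&;,\"']+)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def scrub(report):
    """Return (scrubbed_report, counts); structure and key names are kept."""
    counts = {"secret": 0, "email": 0}

    def redact_value(m):
        counts["secret"] += 1
        return m.group(1) + m.group(2) + "[REDACTED]"

    def redact_email(m):
        counts["email"] += 1
        return "[EMAIL]"

    # Values first, so a secret that happens to contain '@' is fully removed.
    report = KV_RE.sub(redact_value, report)
    report = EMAIL_RE.sub(redact_email, report)
    return report, counts


# Constructed sample report, not data from the paper's dataset.
SAMPLE = """\
Crash reason: EXCEPTION_ACCESS_VIOLATION_READ
URL: https://shop.example/account?user=alice&sessionid=8f3a9c1e77&lang=en
Cookie: PHPSESSID=abc123def; theme=dark
Form data: email=alice@example.com&password=hunter2!
Comment: crashed after login, contact me at bob@example.org
0 xul.dll nsPasswordManager::FillForm(nsIForm*)
1 xul.dll nsDocShell::LoadURI
"""

if __name__ == "__main__":
    cleaned, counts = scrub(SAMPLE)
    print(cleaned)
    print(counts)
```

Only values are replaced, so the stack frames and parameter names a developer needs for triage stay readable, including the frame whose symbol name contains "Password".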
