Cyber security experts have long warned about the dangers of cookie theft, a tactic used by hackers to bypass online security measures. Now, Google is taking decisive action with a new Chrome browser feature called Device Bound Session Credentials (DBSC). This technology aims to render stolen cookies useless, significantly reducing the success of cyber attacks.

Understanding Cookie Theft

Cookies are small text files that websites store on your device to remember your preferences, login information, and other details. While cookies are essential for a smooth online experience, they can also be exploited by cybercriminals.

Malware designed to steal cookies can infiltrate your device and swipe these valuable data snippets. Hackers then use the stolen cookies to impersonate you on websites, even if you have multi-factor authentication (MFA) enabled. This allows them to access your sensitive information, potentially leading to financial loss, identity theft, or reputational damage.

How Device Bound Session Credentials (DBSC) Works

DBSC tackles this threat by cryptographically linking your online sessions to your specific device. Here’s a simplified explanation:

  • Secure Key Generation: When you start a new online session (e.g., logging into your email), Chrome generates a pair of keys – one public, one private.
  • Safe Storage: The private key is securely stored on your device, often using hardware like Trusted Platform Modules (TPMs) that are highly resistant to tampering.
  • Sharing Only the Public Key: The public key is sent to the website for verification purposes.

With this setup, the website can continually verify that requests are coming from the device that originally started the session. If a hacker steals your cookie, they won’t have the corresponding private key, making the cookie worthless on any other machine.
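
The binding described above, as an added example (not Google's or Chrome's code): a simplified Node.js model in which the site stores the public key at login and requires a signature over a fresh challenge before honouring the cookie. The `Site`, `Device` and `demo` names and the challenge-response flow are assumptions for illustration, not the actual DBSC protocol messages.

```javascript
// Added example: simplified model, not the real DBSC wire protocol. Site, Device, demo are hypothetical names.
const crypto = require('crypto');

// Server side: remembers the public key registered for each session cookie.
class Site {
  constructor() { this.sessions = new Map(); }
  register(publicKeyPem) { // at login: bind a new cookie to the device's public key
    const cookie = crypto.randomBytes(16).toString('hex');
    this.sessions.set(cookie, { publicKeyPem, challenge: null });
    return cookie;
  }
  challenge(cookie) { // fresh random challenge for every check
    const s = this.sessions.get(cookie);
    if (!s) return null;
    s.challenge = crypto.randomBytes(32);
    return s.challenge;
  }
  verify(cookie, signature) { // the cookie alone is not enough: a valid signature is required
    const s = this.sessions.get(cookie);
    if (!s || !s.challenge) return false;
    const expected = s.challenge;
    s.challenge = null; // each challenge is single use
    return crypto.verify('sha256', expected, s.publicKeyPem, signature);
  }
}

// Device side: the private key stays inside this object (a stand-in for TPM-backed storage).
class Device {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
    this._privateKey = privateKey;
  }
  sign(challenge) { return crypto.sign('sha256', challenge, this._privateKey); }
}

function demo() {
  const site = new Site();
  const user = new Device();
  const cookie = site.register(user.publicKeyPem);
  const legit = site.verify(cookie, user.sign(site.challenge(cookie)));
  // A different machine presenting the copied cookie can only sign with its own key.
  const stolen = site.verify(cookie, new Device().sign(site.challenge(cookie)));
  // A signature made for an earlier challenge does not satisfy a later one.
  const oldSig = user.sign(site.challenge(cookie));
  site.challenge(cookie); // the site has moved on to a new challenge
  const replay = site.verify(cookie, oldSig);
  return { legit, stolen, replay };
}
```

Calling `demo()` returns `{ legit: true, stolen: false, replay: false }`: only the device holding the registered private key keeps the session alive.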

Prevention and Protection

While DBSC offers a robust layer of defence, staying vigilant against cyber threats remains crucial. Here’s how to protect yourself:

  • Keep Software Updated: Ensure that your operating system, web browser, and antivirus software always have the latest security patches installed.
  • Be Cautious with Downloads: Avoid downloading files or programs from untrusted sources.
  • Use Strong Passwords: Create unique, complex passwords for each online account. Consider using a password manager to help.
  • Enable Multi-Factor Authentication (MFA): Wherever possible, use MFA to add an extra layer of security to your online accounts.

The Future of Online Security

Google’s initiative with DBSC is a significant step forward in the fight against cookie theft. As the feature becomes widely adopted, users can expect a safer online environment. However, it’s essential to remember that cybersecurity is an ongoing battle. Staying informed and practicing safe online habits will always be your best defence against evolving threats.
