Researchers Find Methods to Kill Persistent ‘Evercookie’

The persistent method that security researcher Samy Kamkar introduced last week for storing tracking data on a user’s machine, known as the “Evercookie,” is even more worrisome when used on mobile devices, according to another researcher’s analysis.

The Evercookie is a simple method for forcing a user’s machine to retain browser cookies by storing the data in a number of different locations. The method can also recreate deleted cookies if it finds that the user has removed them. Created by Kamkar as a demonstration of how sites could persistently track users even after they clear their browser cookies, the Evercookie has drawn the attention of a number of other researchers who have spent some time looking for methods to defeat it.

A researcher in South Africa took a look at the way the Evercookie works on Safari, both on the desktop and on mobile devices, and found that it can be undone in some circumstances. However, he also found that the mobile version of Safari fares far worse in its handling of the Evercookie than the standard version does.

“My second most frequent browsing platform is my iPhone, and I thought I would investigate how Apple IOS, MobileSafari & embedded WebKit fares. It does much worse. The problem is, any app which embeds MobileWebKit has its own stores. Even if you go to your settings and delete local databases, you haven’t cleared the cookies, caches & stores in the other apps. Even if you do clear your MobileSafari store, the HTML5 localStorage mechanism isn’t properly cleared and the cookie reloads itself,” Dominic White wrote in an analysis of the Evercookie on an iPhone.

White wrote a script that will go through and delete the cookie from all of the relevant WebKit databases on the iPhone. The script only works on jailbroken iPhones. Jeremiah Grossman of WhiteHat Security also developed a method for removing the Evercookie from Google Chrome, without going through a browser restart.

Kamkar’s Evercookie is a JavaScript API that takes advantage of a number of available storage locations in a user’s browser to store persistent data. In most cases, the cookie will persist even after a user clears the cookies from his browser or manually goes in and attempts to delete specific files on the machine.

“Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available,” Kamkar said in his introduction of the Evercookie.
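
The respawn behaviour described above can be checked for from the defender's side by comparing storage snapshots taken before clearing, right after clearing, and after the next page load. This is an added example, not code from Kamkar, White or Grossman; the snapshot format, mechanism names, the `minLength` filter and all sample values are assumptions constructed for illustration.

```javascript
// Added example. Snapshot shape (assumed): { mechanism: { key: value } }.
// All sample values below are constructed.
const BEFORE = {
  cookie: { uid: "a1b2c3d4e5" },
  localStorage: { uid: "a1b2c3d4e5", theme: "dark" },
};
// Taken right after the user clears cookies; localStorage was not emptied.
const AFTER_CLEAR = {
  cookie: {},
  localStorage: { uid: "a1b2c3d4e5", theme: "dark" },
};
// Taken after the next page load.
const AFTER_RELOAD = {
  cookie: { uid: "a1b2c3d4e5" },
  localStorage: { uid: "a1b2c3d4e5", theme: "dark" },
};

// Index each stored value by the set of mechanisms that hold it.
function valuesByMechanism(snapshot, minLength) {
  const index = new Map();
  for (const [mechanism, entries] of Object.entries(snapshot)) {
    for (const raw of Object.values(entries)) {
      const value = String(raw);
      if (value.length < minLength) continue; // skip flags such as "1"
      if (!index.has(value)) index.set(value, new Set());
      index.get(value).add(mechanism);
    }
  }
  return index;
}

// Report values that were cleared from a mechanism and came back after reload,
// together with the mechanisms that still held them after clearing.
function findRespawned(before, afterClear, afterReload, minLength = 8) {
  const kept = valuesByMechanism(afterClear, minLength);
  const now = valuesByMechanism(afterReload, minLength);
  const findings = [];
  for (const [value, held] of valuesByMechanism(before, minLength)) {
    const survivors = kept.get(value) || new Set();
    const present = now.get(value) || new Set();
    const respawnedIn = [...held]
      .filter((m) => !survivors.has(m) && present.has(m)).sort();
    if (respawnedIn.length > 0) {
      findings.push({ value, respawnedIn, survivedClearIn: [...survivors].sort() });
    }
  }
  return findings;
}

console.log(JSON.stringify(findRespawned(BEFORE, AFTER_CLEAR, AFTER_RELOAD)));
```

The `survivedClearIn` field names the stores that still held the identifier after clearing, which are the ones that have to be purged for the deletion to stick.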
