From 2 November, the MetaMask Ethereum wallet, a decentralized application (dApp) for browsers, will adopt a new postMessage API. The dApp will no longer automatically load the web3 library that enables interaction with the Ethereum network, because of recently discovered vulnerabilities in the protection of sensitive data.

The MetaMask decentralized application works as a browser extension that gives users access to a distributed network. With the extension connected, you can open your account on the Ethereum blockchain and work with transactions. The current generation of decentralized applications for the browser has a vulnerability in how confidential user data is stored. Malware can scan the objects embedded in a web page and keep track of Ethereum wallet holders, even if the extension is disabled. As soon as the user re-activates the extension, the attackers will see the victims' wallet addresses, from which they will be able to access transaction history, balance, and other private information. This kind of attack is called fingerprinting, and it makes the user vulnerable to a whole range of other attacks. In this way, many scammers have been able to conduct phishing attacks using illegally obtained data.

To improve the protection of user data, decentralized applications for browsers, including MetaMask, imToken, Status, and Mist, need to be updated. In particular, the dApp will cease to support automatic deployment of the Ethereum web interface when the page loads. Instead, the application will send a request to the web3 provider, which in turn will require user confirmation to establish the connection. Access to the Ethereum blockchain will be granted only if the system gets a positive response. The application interface will have additional authorization buttons, one of which will open a pop-up window asking you to grant the website access to information about the user account. The sites for which the user approves access will be kept in the cache. The whole system will be similar to the usual request from sites to access the microphone or camera.
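
The approval flow described above can be modelled in a few lines. This is an added example, not MetaMask's code: the `ProviderGate` class, the message type names and the origins are hypothetical, and the pop-up is replaced by a synchronous callback so the model runs under Node.

```javascript
// Added illustration; ProviderGate, the message types and the origins are hypothetical.
class ProviderGate {
  constructor(accounts, promptUser) {
    this.accounts = accounts;         // wallet addresses held by the extension
    this.promptUser = promptUser;     // synchronous stand-in for the approval pop-up
    this.approved = new Set();        // cache of origins the user has approved
    this.prompts = 0;                 // how many times the user was asked
  }
  // What a page finds at load time: no provider unless the origin is already approved.
  injectedAtLoad(origin) {
    return this.approved.has(origin) ? this.providerFor(origin) : undefined;
  }
  // Handles the page's explicit request for a provider.
  handleRequest(message, origin) {
    if (!message || message.type !== 'PROVIDER_REQUEST') {
      return { type: 'PROVIDER_ERROR', reason: 'unknown message' };
    }
    if (!this.approved.has(origin)) {
      this.prompts += 1;
      if (this.promptUser(origin) !== true) {
        return { type: 'PROVIDER_ERROR', reason: 'user rejected' };
      }
      this.approved.add(origin);
    }
    return { type: 'PROVIDER_SUCCESS', provider: this.providerFor(origin) };
  }
  providerFor(origin) {
    return { origin, getAccounts: () => [...this.accounts] };
  }
}

// Constructed sample data: one wallet address and two sites with fixed user decisions.
function runDemo() {
  const decisions = { 'https://dapp.example': true, 'https://tracker.example': false };
  const gate = new ProviderGate(['0x' + '11'.repeat(20)], (o) => decisions[o] === true);
  const req = { type: 'PROVIDER_REQUEST' };
  return {
    beforeApproval: gate.injectedAtLoad('https://dapp.example'),
    first: gate.handleRequest(req, 'https://dapp.example'),
    second: gate.handleRequest(req, 'https://dapp.example'),
    denied: gate.handleRequest(req, 'https://tracker.example'),
    trackerAtLoad: gate.injectedAtLoad('https://tracker.example'),
    prompts: gate.prompts,
  };
}

console.log(runDemo());
```

The second request from the approved site is served from the cache without a new prompt, and the rejected site sees neither a provider nor any account address.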