{"id":1269,"date":"2009-03-13T21:51:35","date_gmt":"2009-03-14T05:51:35","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=1269"},"modified":"2009-03-13T21:51:35","modified_gmt":"2009-03-14T05:51:35","slug":"security-review-online-taxes","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/13\/security-review-online-taxes\/","title":{"rendered":"Security Review: Online Taxes"},"content":{"rendered":"<p>For the last couple of years, I have done my taxes online.\u00a0 Compared to doing them by hand on paper, the online method takes far less time to fill out.\u00a0 However, it also brings with it the host of security risks associated with entering sensitive data over the internet.\u00a0 To successfully file your tax return, the online system must take your social security number, as well as all your personal and financial information.<!--more--><\/p>\n<p><strong>Assets \/ Security Goals<\/strong><\/p>\n<p>One clear asset that needs to be protected is the user&#8217;s sensitive personal information.\u00a0 If an attacker can read this data, they can effectively steal the user&#8217;s identity.<\/p>\n<p>Another security goal is the integrity of the return: what the IRS receives must be exactly what the user submitted.\u00a0 A return that is altered, whether in transit or in the company&#8217;s storage, could lead to either the user owing more money than they should, or the IRS performing an audit on the user.<\/p>\n<p><strong>Adversaries \/ Threats<\/strong><\/p>\n<p>One threat could come from a network attacker sitting between the company building your tax return and the IRS.\u00a0 Someone in this position might be able to intercept and modify the return when it is transmitted to the IRS, unless that link is both encrypted and authenticated.<\/p>\n<p>Another threat could be from a disgruntled employee at the company building your tax return.\u00a0 To make their services as easy to use as they are, these companies must store all the information you enter each year so that you don&#8217;t have to re-enter your personal information again the next 
year.\u00a0 A disgruntled employee might be able to steal this data and sell it to the highest bidder.<\/p>\n<p><strong>Weaknesses<\/strong><\/p>\n<p>One possible weakness could be cross-site scripting vulnerabilities.\u00a0 These are often caused by easy-to-miss bugs, such as echoing a form field back into a page without encoding it, and their consequence could be as serious as having all the user&#8217;s sensitive data stolen, since script running in the user&#8217;s session can read whatever the user can.<\/p>\n<p>Another weakness comes from the combination of sensitive data being stored for an extended period of time (1+ years) and the user using their account very infrequently (likely only once per year).\u00a0 This gives both inside and outside attackers plenty of time to mount extensive attacks, of which the user will likely know nothing for a very long time.<\/p>\n<p><strong>Defenses<\/strong><\/p>\n<p>The key to defending against cross-site scripting is to treat every value that did not originate on the server as untrusted: validate it strictly on the way in, and encode it for the context it lands in (HTML text, attribute, URL, or script) on the way out, since it is the output encoding, not the input check, that actually prevents injection.\u00a0 This includes not charging blindly on in the case of invalid values: a request that fails validation should be rejected, not processed with whatever could be salvaged from it.<\/p>\n<p>As for the data retention weakness, not storing the sensitive data from year to year would definitely be the most secure option.\u00a0 However, this does mean a sacrifice in convenience that users may find worth a small decrease in security.\u00a0 Assuming the data must be kept, ideally it should be kept in such a way that not even the company would be able to look at it without being given some secret by the user.\u00a0 This could work by having the user know a password of which the company stores only a salted, deliberately slow hash.\u00a0 The same password could then also be used to derive a secret key, independent of the stored hash, that encrypts the user&#8217;s sensitive information on the company&#8217;s computers.\u00a0 This way, when the user is not accessing the data, the company&#8217;s computers do not have enough information to recover the user&#8217;s password, the secret key derived from their password, or their sensitive data.\u00a0 But they would be able to quickly verify that a 
user&#8217;s password is correct, and from that correct password, derive the secret key to temporarily unlock their data.\u00a0 Two details matter for this to hold: the stored verifier and the encryption key must be derived so that neither can be computed from the other, otherwise the verifier simply hands the key to whoever reads the database; and because only the password can unlock the data, a forgotten password means the data is gone, so a conventional password reset cannot restore it.\u00a0 The downside to this system is that it is now only as strong as the user&#8217;s password, and users are notoriously bad at choosing strong passwords: anyone holding the stored hash can guess passwords offline at leisure, which is why the hash must be slow to compute.<\/p>\n<p><strong>Risks \/ Conclusion<\/strong><\/p>\n<p>The main risks in doing taxes online lie in the possibility of identity theft and tax fraud.\u00a0 I would imagine that companies providing online tax services likely know of and have defenses for attacks coming from the outside.\u00a0 What has me a little bit more worried is the threat of an inside job.\u00a0 A single disgruntled employee, or even just an unpatched computer that gets a virus, could likely bypass most defenses against outside attacks if they are not considered.\u00a0 One thing that does soothe my worries some is that as reputable companies wishing to continue making money, these companies would likely work hard to mitigate the effects of any attack on the user, otherwise they might get a reputation for screwing people over.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For the last couple of years, I have done my taxes online.\u00a0 Compared to doing them by hand on paper, the online method takes far less time to fill out.\u00a0 However, it also brings with it the host of security &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/13\/security-review-online-taxes\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":109,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1269","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1269","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/109"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=1269"}],"version-history":[{"count":4,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1269\/revisions"}],"predecessor-version":[{"id":1289,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1269\/revisions\/1289"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=1269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=1269"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=1269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}