UnoLock Security Monitoring Service
Overview
UnoLock's Security Monitoring Service is a proactive, client-side background service that runs automatically in all UnoLock vaults, continuously auditing the browser runtime to detect and block malicious behavior before it can compromise your data. By combining API-blocking, event-listener auditing, DOM mutation inspection, overlay detection, and extension probing, it helps ensure that any injected code, unauthorized extensions, or clickjacking attempts are caught and neutralized in real time. This feature enforces strict controls on every aspect of the browser API, maintaining a hardened, trust-no-one runtime posture across all tiers.
How It Works
- Automated Malicious-Extension Detection: On every app launch, UnoLock attempts to fetch each known "bad" extension's manifest.json URL across Chrome, Firefox, and Safari schemes.
- API-Tampering & Storage-Access Alerts: UnoLock snapshots native browser APIs (fetch, WebSocket, localStorage, IndexedDB) at startup and continually verifies they haven't been overridden or wrapped by an external script. It overrides localStorage/sessionStorage methods and indexedDB.open to throw on any attempt to read or write, logging and flagging each call immediately.
- DOM-Injection & Clickjacking Guardrails: A debounced MutationObserver watches for newly added nodes, flags any unexpected <script> or <iframe> insertions that aren't explicitly whitelisted, and strips unauthorized elements. A periodic overlay scan, run every few seconds outside Angular's zone, finds full-screen, transparent elements that could intercept or hijack clicks and flags or removes them.
- Event-Listener Auditing: UnoLock wraps addEventListener to log when any code (including extensions) registers handlers on sensitive events (click, input, copy/paste). After Angular stabilizes, the wrapper counts sensitive handlers (click, input, keydown, etc.) and uses stack-trace analysis to detect listeners injected by browser extensions. Exceeding configurable thresholds triggers an alert.
- Configurable Whitelisting & Minimal Overhead: UnoLock probes only once per known extension ID, minimizing network overhead. Continuous monitoring runs outside Angular's change-detection zone and debounces mutations to avoid performance impact. Developers can mark legitimate, app-generated scripts/iframes (data-unolock-*) so that the service never blocks the app's own functionality. Extension presence probing loads hidden manifests for known banned extensions (from BANNED_EXTENSIONS) and alerts immediately if any are present.
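The snapshot-and-verify idea behind the API-tampering check can be sketched as follows. This is an added example, not UnoLock's code: `scope` stands in for `window`, and `takeSnapshot`, `verifySnapshot` and the watched list are hypothetical names.

```javascript
// Added example (not UnoLock code). `scope` stands in for `window`;
// the function names and the WATCHED list are hypothetical.
const WATCHED = ['fetch', 'WebSocket', 'indexedDB'];

// Record each API's reference and own getter once, at startup.
function takeSnapshot(scope, names = WATCHED) {
  const snap = {};
  for (const name of names) {
    const desc = Object.getOwnPropertyDescriptor(scope, name);
    snap[name] = Object.freeze({
      ref: scope[name],
      get: desc ? desc.get : undefined,
    });
  }
  return Object.freeze(snap); // the baseline itself must not be editable
}

// Compare the live scope against the baseline; one finding per changed API.
function verifySnapshot(scope, snap) {
  const findings = [];
  for (const [name, base] of Object.entries(snap)) {
    const desc = Object.getOwnPropertyDescriptor(scope, name);
    if (!(name in scope)) {
      findings.push({ name, reason: 'removed' });
    } else if ((desc ? desc.get : undefined) !== base.get) {
      // A new or swapped getter can return different values per caller.
      findings.push({ name, reason: 'getter-changed' });
    } else if (scope[name] !== base.ref) {
      findings.push({ name, reason: 'replaced' }); // wrapped or overridden
    }
  }
  return findings;
}

// Constructed demo: a fake global, then a wrapper and a getter installed on it.
function demo() {
  const scope = { fetch() {}, WebSocket: function WebSocket() {}, indexedDB: {} };
  const snap = takeSnapshot(scope);
  const clean = verifySnapshot(scope, snap);
  const original = scope.fetch;
  scope.fetch = (...args) => original(...args);
  Object.defineProperty(scope, 'indexedDB', { get: () => snap.indexedDB.ref });
  return { clean, tampered: verifySnapshot(scope, snap) };
}
```

A check of this kind only sees changes made after the snapshot is taken, so the snapshot has to run before any other script; code that ran earlier is already part of the baseline.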
Security Implications
- Proactive Tamper Detection: Identifies and blocks meddling scripts and API overrides before they execute.
- Clickjacking Protection: Stops hidden overlays and rogue iframes that could hijack user interactions.
- Extension Threat Awareness: Detects malicious or unapproved extensions at runtime, warning the user to remove them.
- Real-Time Client-Side Alerts: Escalating alerts inform users of repeated or severe anomalies, guiding them to switch to a clean profile or incognito mode.
- Zero-Trust Browser Environment: By enforcing strict controls on every aspect of the browser API, UnoLock maintains a hardened, trust-no-one runtime posture.
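The overlay scan behind the clickjacking protection above can be written as a predicate over element geometry and computed style. This is an added example, not UnoLock's code: the thresholds, the `allowlisted` flag and all function names are assumptions, and the elements are constructed plain objects rather than live DOM nodes.

```javascript
// Added example (not UnoLock code). Each element is a constructed plain object
// holding what getBoundingClientRect() and getComputedStyle() would report.
const DEFAULTS = { minCoverage: 0.9, maxOpacity: 0.1 }; // assumed thresholds

// Fraction of the viewport covered by the part of rect that is on screen.
function viewportCoverage(rect, vp) {
  const w = Math.max(0, Math.min(rect.right, vp.width) - Math.max(rect.left, 0));
  const h = Math.max(0, Math.min(rect.bottom, vp.height) - Math.max(rect.top, 0));
  return (w * h) / (vp.width * vp.height);
}

function isSuspiciousOverlay(el, vp, opts = DEFAULTS) {
  if (el.allowlisted) return false;                 // hypothetical app-owned marker
  if (el.display === 'none' || el.visibility === 'hidden') return false;
  if (el.pointerEvents === 'none') return false;    // clicks pass through it
  if (el.position !== 'fixed' && el.position !== 'absolute') return false;
  if (viewportCoverage(el.rect, vp) < opts.minCoverage) return false;
  // Invisible to the user yet still the hit-test target for clicks.
  return el.opacity <= opts.maxOpacity || el.backgroundAlpha <= opts.maxOpacity;
}

function scanOverlays(elements, vp, opts = DEFAULTS) {
  return elements.filter((el) => isSuspiciousOverlay(el, vp, opts)).map((el) => el.id);
}

// Constructed sample: two overlays that should be flagged, four that should not.
function demoScan() {
  const vp = { width: 1280, height: 720 };
  const full = { left: 0, top: 0, right: 1280, bottom: 720 };
  const base = { display: 'block', visibility: 'visible', pointerEvents: 'auto',
                 position: 'fixed', opacity: 1, backgroundAlpha: 1, rect: full };
  return scanOverlays([
    { ...base, id: 'modal-backdrop', backgroundAlpha: 0.5 },  // visible dimmer
    { ...base, id: 'ghost-layer', opacity: 0 },               // invisible, clickable
    { ...base, id: 'click-through', opacity: 0, pointerEvents: 'none' },
    { ...base, id: 'small-badge', opacity: 0,
      rect: { left: 0, top: 0, right: 40, bottom: 40 } },
    { ...base, id: 'app-shield', opacity: 0, allowlisted: true },
    { ...base, id: 'offscreen-wide', backgroundAlpha: 0,
      rect: { left: -50, top: -50, right: 1400, bottom: 800 } },
  ], vp);
}
```

A transparent full-page container with opaque children also matches this heuristic, which is why an allowlist for app-owned elements is needed alongside it.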
Use Cases
- Cryptocurrency Security: Protects crypto users from extension-based theft by detecting and blocking keyloggers or API hijacks in real time.
- High-Risk Environments: Journalists or activists can operate safely, with alerts for tampering that could expose sensitive communications.
- Everyday Privacy: Privacy-conscious individuals benefit from automatic detection of unwanted extensions, ensuring their vault remains secure.
- Enterprise Data Protection: Businesses managing sensitive assets receive warnings about runtime threats, preventing data leaks.
Why It Matters
UnoLock's Security Monitoring Service provides a best-effort, client-side defense layer that enforces strict API controls, audits runtime behavior, and detects and neutralizes unauthorized code or extensions, all in real time. While this zero-trust approach significantly raises the bar against browser-based threats, no client-side guard can guarantee 100% protection. Users must also exercise caution by avoiding untrusted or unsafe browser extensions and keeping their environment secure. Together, UnoLock's monitoring features and responsible user practices maintain the integrity of your data against evolving risks.
FAQs
What happens if a malicious extension is detected?
The service alerts you immediately and prompts removal, preventing potential data compromise.
How does the service impact performance?
It runs efficiently with debounced checks and minimal overhead, ensuring smooth operation without noticeable slowdowns.
Can I customize the monitoring thresholds?
Yes, configurable whitelisting and thresholds allow adjustments for specific needs, such as marking trusted app elements.
What if I ignore an alert?
Ignoring alerts increases risk; the service continues monitoring but recommends action to maintain security.
Compliance & Privacy Regulations
- GDPR & HIPAA Compliance: The service collects no personal data or metadata, focusing solely on runtime threats within the browser. It supports compliance by preventing unauthorized access or tampering, aligning with stringent privacy and security standards like GDPR and HIPAA.
Integration with Other Features
- Post-Quantum Encryption: Complements the service by ensuring encrypted data remains secure even if tampering is attempted, as runtime monitoring blocks threats before they reach sensitive operations.
- Client-Side Encryption Using AES-256 GCM: Enhances protection by auditing APIs and DOM elements that could interfere with encryption processes, maintaining a tamper-proof environment.
- Safe to Safe Messaging Security: Works alongside messaging by detecting injections or overlays that could intercept communications, ensuring secure, untraceable exchanges.