Stopping phishing, crypto hijacking, and data theft on Chromebooks

Rick Deacon
2 min readMar 28, 2018

Chromebooks are a pretty damn secure platform. Businesses, schools, and even security practitioners have adopted them as a way to keep control over traveling devices while maintaining a high level of security. Their ability to be remotely wiped clean, sandbox individual browser tabs, and ensure a secure boot process make them a locked down platform for wide deployment.

Mentored someone on teaching computing basics to seniors.
“What antivirus to buy?”
“Buy a Chromebook.”
“What about…”

— SwiftOnSecurity (@SwiftOnSecurity) July 23, 2015

They also have their downsides. The most significant is the inability to run full applications or any sort of agent. This means that despite the amount of telemetry they can report back from managed devices, there exists a gap in monitoring for attacks and security problems. Specifically, social engineering attacks. Being able to block phishing attacks in particular proves to be difficult since bypassing Gmail’s phishing filters is relatively simply. Attackers buy primed domains and use compromised accounts to slide right by their protections.

While Chromebooks are leaps ahead of most systems when it comes to managed security, phishing and social engineering attacks need to be mitigated and logged to a central location for review and orchestration.

This is where Apozy NoHack comes in. NoHack is the ONLY protection for Chromebooks that does not require an agent, allowing administrators to protect against spear-phishing attacks and collect malicious browsing data. NoHack decides, in real-time, whether a site is malicious and creates a “read-only” experience on pages where something was detected. This nullifies attacks like phishing, crypto hijacking, and malicious scripts. All the while, NoHack reports the who/what/where/how of every single malicious page visited, seeing behind the walled gardens of SSL.

NoHack is a browser extension for Chrome, so deploying it to Chromebooks is a 30 second process. Combined with built-in security, NoHack provides full security coverage for Chromebook users, removing the shadow of doubt.



Rick Deacon

Founder, Interlock. Hacker interested in startups, blockchain, and cars