HomeNewsFingerprint biometrics users roped by gummy browser, a malicious website

Fingerprint biometrics users roped by gummy browser, a malicious website

-

Last Updated on 22/11/2021 by Nidhi Khandelwal

Image courtesy; Medium.com

The Gummy Browsers attack aims to collect a person’s fingerprint by tricking them into visiting a malicious website.

This attack approach can be used to get around 2FA on authentication systems.

Fingerprint biometrics users roped by gummy browser, a malicious website 1
Image courtesy; CISO Mag

After obtaining fingerprints via their malicious website, the attacker can use them to impersonate a person on a target machine.

Gummy Browsers may successfully imitate the victim’s browser virtually every time, according to the findings, without harming the tracking of legitimate users.

Researchers devised and presented three different methods for impersonating a user’s identity. The first is to spoof the victim’s fingerprint by using Selenium to run scripts that provide values received through JavaScript API requests.

The second way is to change the browser attributes to any custom value impacting JavaScript API and the relevant value in the HTTP header using a browser setting and debugging tools.

The third way is to change browser properties with faked values by modifying scripts. It causes scripts on websites to be changed before they are delivered to the web server.

Researchers were able to fool advanced and current fingerprinting technologies for an extended period of time in an assault sample.

The repercussions of the Gummy Browsers assault are quite dangerous, especially as browser fingerprinting becomes more common. It allows attackers to get around security solutions that are meant to verify users. As a result, security teams must seek to find a way to prevent such assaults.

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -

Must Read

How to recover data from Office 365? Best data protection standards...

0
You've made the switch to Office 365 to reap the benefits of the cloud.  It is just as important to ensure that your data is...