HomeNewsFingerprint biometrics users roped by gummy browser, a malicious website

Fingerprint biometrics users roped by gummy browser, a malicious website

-

Image courtesy; Medium.com

The Gummy Browsers attack aims to collect a person’s fingerprint by tricking them into visiting a malicious website.

This attack approach can be used to get around 2FA on authentication systems.

Fingerprint biometrics users roped by gummy browser, a malicious website 1
Image courtesy; CISO Mag

After obtaining fingerprints via their malicious website, the attacker can use them to impersonate a person on a target machine.

Gummy Browsers may successfully imitate the victim’s browser virtually every time, according to the findings, without harming the tracking of legitimate users.

Researchers devised and presented three different methods for impersonating a user’s identity. The first is to spoof the victim’s fingerprint by using Selenium to run scripts that provide values received through JavaScript API requests.

The second way is to change the browser attributes to any custom value impacting JavaScript API and the relevant value in the HTTP header using a browser setting and debugging tools.

The third way is to change browser properties with faked values by modifying scripts. It causes scripts on websites to be changed before they are delivered to the web server.

Researchers were able to fool advanced and current fingerprinting technologies for an extended period of time in an assault sample.

The repercussions of the Gummy Browsers assault are quite dangerous, especially as browser fingerprinting becomes more common. It allows attackers to get around security solutions that are meant to verify users. As a result, security teams must seek to find a way to prevent such assaults.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.

Must Read

Vodafone Idea (VI) states yet another levy climb is coming as...

0
Only half a month after a tax climb, Vodafone Idea says another could be coming soon as the striving telco hopes to fight lessening...