Security News > 2021 > October > New Gummy Browser attack lets hackers spoof tracking profiles
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers.
The 'Gummy Browsers' attack is the process of capturing a person's fingerprint by making them visit an attacker-controlled website and then using that fingerprint on a target platform to spoof that person's identity.
Browser setting and debugging tool - Both can be used to change the browser attributes to any custom value, affecting both the JavaScript API and the corresponding value in the HTTP header.
"Our results showed that Gummy Browsers can successfully impersonate the victim's browser transparently almost all the time without affecting the tracking of legitimate users," the researchers explain in an Arxiv paper published yesterday.
"Since acquiring and spoofing the browser characteristics is oblivious to both the user and the remote web-server, Gummy Browsers can be launched easily while remaining hard to detect".
The researchers state that threat actors can easily use the Gummy Bear attack to trick systems utilizing fingerprinting.
News URL
Related news
- Russian hackers shift to cloud attacks, US and allies warn (source)
- Russian hackers hijack Ubiquiti routers to launch stealthy attacks (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)