Security News > 2021 > October > New Gummy Browsers attack lets hackers spoof tracking profiles
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers.
The 'Gummy Browsers' attack is the process of capturing a person's fingerprint by making them visit an attacker-controlled website and then using that fingerprint on a target platform to spoof that person's identity.
"Our results showed that Gummy Browsers can successfully impersonate the victim's browser transparently almost all the time without affecting the tracking of legitimate users," the researchers explain in an Arxiv paper published yesterday.
The researchers state that threat actors can easily use the Gummy Browsers attack to trick systems utilizing fingerprinting.
"The impact of Gummy Browsers can be devastating and lasting on the online security and privacy of the users, especially given that browser-fingerprinting is starting to get widely adopted in the real world," warned the researchers.
The Gummy Browsers attack may also help bypass security features used to detect legitimate users in authentication services.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- SafePay ransomware gang claims Microlise attack that disrupted prison van tracking (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)