Gummy Browsers: A New Way to Steal a Victim’s Digital Fingerprint
Security researchers have developed a new technique for capturing and spoofing a browser’s digital fingerprint. This cyberattack vector, called Gummy Browsers, is reportedly easy to use in real-world attacks, according to experts.
As is well known, a digital fingerprint is created based on a range of characteristics from a user’s device: IP address, browser and operating system version, installed applications, add-ons, cookies, and even typing patterns or mouse movements.
Website owners and advertising companies can use digital fingerprints to distinguish humans from bots and to track visitors’ activities online. All the collected information helps advertisers serve users more relevant ads.
In addition, digital fingerprints can be used in authentication systems. For example, in some cases, two-factor authentication (2FA) can be bypassed if the system recognizes a specific digital fingerprint and thus identifies the account owner.
This is why such fingerprints are a popular commodity on cybercrime forums in the dark web. If a cybercriminal buys a few of these fingerprints, they can gain access to users’ accounts.
How the Gummy Browsers Attack Works
The new attack vector, Gummy Browsers, is based on luring the victim to a specific website that collects all the information needed to create a digital fingerprint. These data can then be used by attackers as they see fit.
To impersonate the targeted user on other sites, cybercriminals can use a three-step process described by experts:
- Script Injection: Data is extracted using JavaScript API calls.
- Browser Settings and Developer Tools: These can be used to change browser attributes.
- Script Modification: This allows attackers to alter browser values and the website’s built-in code before it is sent to the server.
According to a report by specialists, this method does not arouse any suspicion from the victim, even as a potential attacker is stealing their digital identity. Researchers also warned that real cybercriminals can easily use Gummy Browsers in attacks.