Researchers have developed a new fingerprint capturing and browser spoofing attack dubbed Gummy Browsers. According to them, this attack is an easy-to-perform attack with serious consequences.

Explaining Gummy Browsers threat

The Gummy Browsers attack is focused on gathering a person's fingerprint by luring them to visit a website controlled by an attacker.
  • This attack technique can be leveraged to bypass 2FA on auth systems. 
  • Once the attacker obtains the fingerprints via their malicious website, these can be used to spoof a person's identity on a target system.
  • The research results have demonstrated that Gummy Browsers can successfully impersonate the victim’s browser almost in every attempt, without affecting the tracking of valid users.

How does the spoofing work?

Researchers developed and demonstrated three possible ways to spoof a user’s identity.
  • First is spoofing the victim’s fingerprint by executing scripts with Selenium that serve values obtained by JavaScript API calls.
  • The second method is using a browser setting and debugging tools to change the browser attributes to any custom value affecting JavaScript API and the related value in the HTTP header.
  • The third method is script modification to make changes to the browser properties with spoofed values. It leads to changes in website scripts before they are sent to the webserver.

In an attack sample, researchers were able to fool advanced and modern fingerprinting systems (e.g., Panopliclick and FPStalker) for a long period of time.

Conclusion

As browser fingerprinting is becoming more popular, the consequences of the Gummy Browsers attack are really dangerous. It allows attackers to bypass security solutions used for validating users. Thus, security teams must work toward a solution to stop such attacks.
Cyware Publisher

Publisher

Cyware