loader gif

SSL/TLS fingerprint tampering jumps from thousands to billions

SSL/TLS fingerprint tampering jumps from thousands to billions (Emerging Threats)

Researchers noted spikes in distinct fingerprints in August 2018 with 18,652 distinct fingerprints globally but at the time there was no evidence of any tampering with Client Hello or any other fingerprint component, according to a 15 May Akamai blog post. In early September 2018 researchers began observing TLS tampering via cipher randomisation across several verticals with many instances targeted towards airlines, banking, and dating websites and by the end of October, the TLS tampering had climbed to 255 million and hit more than 1.3 billion instances by February 2019. "Over the last few months, attackers have been tampering with SSL/TLS signatures at a scale never before seen by Akamai," researchers said in the post. "The TLS fingerprints that Akamai observed before Cipher Stunting was observed could be counted in the tens of thousands. The technique isn’t anything new as and researcher, Ivan Ristic developed an Apache module to passively fingerprint clients based on cipher suites and came up with a signature base that identifies many browsers and operating systems back in 2008.

loader gif