"New Gummy Browsers Attack Lets Hackers Spoof Tracking Profiles"

Academic researchers have developed a new fingerprint-capturing and browser-spoofing attack dubbed Gummy Browsers. According to the researchers, this attack is easy to perform and can have severe consequences. A digital fingerprint serves as a unique online identifier linked to a specific user based on a combination of a device's characteristics, including the user's IP address, browser and OS version, installed applications, active add-ons, and cookies. These characteristics also include the manner in which the users move their mouse or type on the keyboard. Digital fingerprints can be used by websites and advertisers to confirm that a visitor is human, track a user between sites, or improve targeted advertising. As these fingerprints are valuable, they are often found being sold on dark web marketplaces to threat actors and scammers, who can then use them to spoof users' online identities. Spoofing users' online identities makes it easy for the threat actors to take over accounts or conduct advertisement fraud. The Gummy Browsers attack involves making a person visit an attacker-controlled website to capture their fingerprint and then using that fingerprint on a target platform to spoof that person's identity. Following the generation of a user's fingerprint using existing or custom scripts, the researchers developed methods to spoof the user on other sites. The researchers explained that the Gummy Browsers attack could impersonate a victim's browser transparently nearly 100 percent of the time without affecting the tracking of legitimate users. This attack can easily be executed while remaining difficult to detect because acquiring and spoofing the browser characteristics is oblivious to the user and the remote web server. The researchers warned that the Gummy Browsers attack could have a lasting impact on users' online privacy and security as browser fingerprinting continues to grow in adoption in the real world. This article continues to discuss digital fingerprints as well as the process and potential impact of the Gummy Browsers attack. 

Bleeping Computer reports "New Gummy Browsers Attack Lets Hackers Spoof Tracking Profiles"