A new attack was created that records everything you do on the Internet - Gummy Browser
Gummy Browser, the new attack that records data when browsing
A group of security researchers in the United States has developed what they have called the Gummy Browser. It is a new attack that has the ability to register fingerprints and impersonate the browser. They indicate that it is a simple technique and that it can seriously jeopardize the security and privacy of users.
But to better understand how Gummy Browser works, you have to know what a fingerprint consists of. We can say that it is a unique identifier that is associated with a user. It is capable of recording data such as the IP address, the version of the browser you are using, the installed system, programs, plug-ins, and even cookies or mouse movements and keystrokes.
It must be taken into account that these fingerprints can be used by the websites themselves to identify users or even form part of authentication systems. They have a great value for everything we have mentioned that they store, and that causes them to be sold on the Dark Web.
But then what is the Gummy Browser attack? What these security researchers have achieved is to capture that fingerprint once a person enters a website controlled by an attacker. This fingerprint can later be used to falsify the identity of that user.
They use scripts, both existing and custom. The method is based on the injection of scripts, which are capable of extracting values through JavaScript APIs. They also use tools to change the browser attributes to any custom value, as well as modify the scripts and change the browser properties with spoofed values.
They can fool fingerprint systems
By simply capturing the victim's fingerprint once, security researchers noted, they are able to fool systems for an extended period of time.
They claim that this method they have devised would be able to successfully spoof the victim's browser. But also, it is possible to run Gummy Browser without the remote user and server being able to detect it. This makes them run and spoof without any alerts being triggered.
The conclusion that security researchers draw is that a cybercriminal could take advantage of this type of attack to fool systems that use fingerprints. It could seriously affect the security and privacy of users. This raises the question of whether it is good to use fingerprints on a large scale, as they could become a real problem for users.