Thursday, December 7, 2023

Scheme Flooding Let Hackers Identifying Users While Browsing Websites Including the Tor

A new fingerprint technique has been discovered by the Konstantin Darutkin of FingerprintJS, and Darutkin has claimed that by using this technique an attacker can easily track down a user.

This method will help them to find users across different browsers using the same machine by inquiring about the application that has been installed on the device.

However, this new technique enables the researchers to outline users, whenever they visit the website. The most interesting part of this technique is that researchers can visit the website with all ordinary web browsers like Chrome, Firefox, and Safari.

The cybersecurity analysts can identify all the online activity of the users, even when the users trying to protect their anonymity using the Tor browser.

Cross-browser Tracking Using Scheme Flooding

The authorities of FingerprintJS had described Cross-browser anonymity, and according to them, it is something that is being taken for granted by internet users who are really conscious about their privacy.

To open the known URL handlers and check if the web browser starts a prompt or not, a site generates a list of all the installed apps, which in turn allows cross-browser tracking using scheme flooding.

In short, by using this exploit, an attacker can easily track down the usage of a user’s browsers like Google Chrome, Safari, even the Tor browser as well.

The researchers also affirmed that Tor Browser generally offers the ultimate privacy protection. However, it is quite slow in providing connection speed as well as in performance error on several websites, therefore users do not depend more on anonymous browsers for their daily surfing.

How does it work?

Now the question arises how does it work? well, the new scheme flooding vulnerability allows the threat actors to regulate that which applications the users have installed.

However, by knowing this the threat actors can easily generate a 32-bit cross-browser device identifier, well with the help of this website hackers can test a list of 32 popular applications.

The analysts asserted that the identification method nearly lasts for a few seconds and soon it starts working across desktop Windows, Mac, and Linux operating systems.

Affected Browsers

The browsers that are vulnerable to this vulnerability are mentioned below:-

  • Chrome
  • Safari
  • Tor Browser
  • Firefox

Mitigations That are Available Can be Bypassed

Apart from this the Darutkin also mentioned the required steps to exploit this technique and here they are mentioned below:-

  • Initially, to test the vulnerability make a full list of application URL schemes.
  • After that, you can add a script on the selected website, as it will help you to test the application.
  • You will notice that the script will soon get return an ordered array of boolean values.
  • If your application gets installed easily, then all your boolean value is true, but in case if your application isn’t gets installed then it is not true.
  • To generate a permanent cross-browser identifier, simply use the array.
  • Lastly, you can also use machine learning algorithms to guess your website visitors’ general information like interests, occupation, age, and many more.

But, the oddest thing is that all the available mitigations can also be bypassed, as Konstantin Darutkin noted that triggering a built-in Chrome extension, like the Chrome PDF Viewer, can easily bypass this mitigation.

Until and unless the browsers put in some working mitigations for this attack, there is only one way to stop this method of cross-browser tracking, well users should have to use the browser on another device.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...

Hackers Deliver AsyncRAT Through Weaponized WSF Script Files

The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being...

BlueNoroff: New Malware Attacking MacOS Users

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles