Scheme Flooding Let Hackers Identifying Users While Browsing Websites Including the Tor

A new fingerprint technique has been discovered by the Konstantin Darutkin of FingerprintJS, and Darutkin has claimed that by using this technique an attacker can easily track down a user.

This method will help them to find users across different browsers using the same machine by inquiring about the application that has been installed on the device.

However, this new technique enables the researchers to outline users, whenever they visit the website. The most interesting part of this technique is that researchers can visit the website with all ordinary web browsers like Chrome, Firefox, and Safari.

The cybersecurity analysts can identify all the online activity of the users, even when the users trying to protect their anonymity using the Tor browser.

Cross-browser Tracking Using Scheme Flooding

The authorities of FingerprintJS had described Cross-browser anonymity, and according to them, it is something that is being taken for granted by internet users who are really conscious about their privacy.

To open the known URL handlers and check if the web browser starts a prompt or not, a site generates a list of all the installed apps, which in turn allows cross-browser tracking using scheme flooding.

In short, by using this exploit, an attacker can easily track down the usage of a user’s browsers like Google Chrome, Safari, even the Tor browser as well.

The researchers also affirmed that Tor Browser generally offers the ultimate privacy protection. However, it is quite slow in providing connection speed as well as in performance error on several websites, therefore users do not depend more on anonymous browsers for their daily surfing.

How does it work?

Now the question arises how does it work? well, the new scheme flooding vulnerability allows the threat actors to regulate that which applications the users have installed.

However, by knowing this the threat actors can easily generate a 32-bit cross-browser device identifier, well with the help of this website hackers can test a list of 32 popular applications.

The analysts asserted that the identification method nearly lasts for a few seconds and soon it starts working across desktop Windows, Mac, and Linux operating systems.

Affected Browsers

The browsers that are vulnerable to this vulnerability are mentioned below:-

  • Chrome
  • Safari
  • Tor Browser
  • Firefox

Mitigations That are Available Can be Bypassed

Apart from this the Darutkin also mentioned the required steps to exploit this technique and here they are mentioned below:-

  • Initially, to test the vulnerability make a full list of application URL schemes.
  • After that, you can add a script on the selected website, as it will help you to test the application.
  • You will notice that the script will soon get return an ordered array of boolean values.
  • If your application gets installed easily, then all your boolean value is true, but in case if your application isn’t gets installed then it is not true.
  • To generate a permanent cross-browser identifier, simply use the array.
  • Lastly, you can also use machine learning algorithms to guess your website visitors’ general information like interests, occupation, age, and many more.

But, the oddest thing is that all the available mitigations can also be bypassed, as Konstantin Darutkin noted that triggering a built-in Chrome extension, like the Chrome PDF Viewer, can easily bypass this mitigation.

Until and unless the browsers put in some working mitigations for this attack, there is only one way to stop this method of cross-browser tracking, well users should have to use the browser on another device.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Leave a Reply