Tuesday, December 3, 2024
HomeCVE/vulnerabilityScheme Flooding Let Hackers Identifying Users While Browsing Websites Including the Tor

Scheme Flooding Let Hackers Identifying Users While Browsing Websites Including the Tor

Published on

SIEM as a Service

A new fingerprint technique has been discovered by the Konstantin Darutkin of FingerprintJS, and Darutkin has claimed that by using this technique an attacker can easily track down a user.

This method will help them to find users across different browsers using the same machine by inquiring about the application that has been installed on the device.

However, this new technique enables the researchers to outline users, whenever they visit the website. The most interesting part of this technique is that researchers can visit the website with all ordinary web browsers like Chrome, Firefox, and Safari.

- Advertisement - SIEM as a Service

The cybersecurity analysts can identify all the online activity of the users, even when the users trying to protect their anonymity using the Tor browser.

Cross-browser Tracking Using Scheme Flooding

The authorities of FingerprintJS had described Cross-browser anonymity, and according to them, it is something that is being taken for granted by internet users who are really conscious about their privacy.

To open the known URL handlers and check if the web browser starts a prompt or not, a site generates a list of all the installed apps, which in turn allows cross-browser tracking using scheme flooding.

In short, by using this exploit, an attacker can easily track down the usage of a user’s browsers like Google Chrome, Safari, even the Tor browser as well.

The researchers also affirmed that Tor Browser generally offers the ultimate privacy protection. However, it is quite slow in providing connection speed as well as in performance error on several websites, therefore users do not depend more on anonymous browsers for their daily surfing.

How does it work?

Now the question arises how does it work? well, the new scheme flooding vulnerability allows the threat actors to regulate that which applications the users have installed.

However, by knowing this the threat actors can easily generate a 32-bit cross-browser device identifier, well with the help of this website hackers can test a list of 32 popular applications.

The analysts asserted that the identification method nearly lasts for a few seconds and soon it starts working across desktop Windows, Mac, and Linux operating systems.

Affected Browsers

The browsers that are vulnerable to this vulnerability are mentioned below:-

  • Chrome
  • Safari
  • Tor Browser
  • Firefox

Mitigations That are Available Can be Bypassed

Apart from this the Darutkin also mentioned the required steps to exploit this technique and here they are mentioned below:-

  • Initially, to test the vulnerability make a full list of application URL schemes.
  • After that, you can add a script on the selected website, as it will help you to test the application.
  • You will notice that the script will soon get return an ordered array of boolean values.
  • If your application gets installed easily, then all your boolean value is true, but in case if your application isn’t gets installed then it is not true.
  • To generate a permanent cross-browser identifier, simply use the array.
  • Lastly, you can also use machine learning algorithms to guess your website visitors’ general information like interests, occupation, age, and many more.

But, the oddest thing is that all the available mitigations can also be bypassed, as Konstantin Darutkin noted that triggering a built-in Chrome extension, like the Chrome PDF Viewer, can easily bypass this mitigation.

Until and unless the browsers put in some working mitigations for this attack, there is only one way to stop this method of cross-browser tracking, well users should have to use the browser on another device.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

HPE IceWall Flaw Let Attackers cause Unauthorized Data Modification

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin addressing a critical vulnerability...