Everyone wants to be able to identify and monitor individuals throughout the internet, from advertisers and marketers to government-backed hackers and spyware developers. And even though there is currently an incredible amount of infrastructure in place to accomplish just that, the need for data and new means to capture it have proven to be insatiable. In light of this fact, researchers from the New Jersey Institute of Technology have issued a warning this week on emerging methods that attackers may employ to identify website visitors’ identities and potentially link various aspects of their targets’ digital life.
The research, which will be presented by NJIT researchers at the Usenix Security Symposium in Boston the following month, demonstrates how an attacker who successfully lures a victim into loading a malicious website can identify whether the victim is in charge of a specific public identifier, such as an email address or social media account, connecting the victim to a piece of potentially personal information.
When you visit a website, the page may record your IP address, but this may not provide the website owner with enough details to uniquely identify you. Instead, the hack examines minute details of a possible target’s browser activity to ascertain whether they are signed into an account for several platforms, including YouTube, Dropbox, Twitter, Facebook, TikTok, and more. Additionally, the assaults are effective against every major browser, including the Tor Browser, which focuses on anonymity.
The researchers claim that by engaging in a significant disclosure procedure with multiple web services, browsers, and web standards groups, they have sparked a bigger conversation about how to adequately handle the problem. Chrome and Firefox have not yet made their replies available to the public. And Curtmola claims that to address the problem at the chip level, substantial and perhaps unfeasible modifications to the way CPUs are constructed would be required. However, it asserts that group talks held through the World Wide Web Consortium or other venues may finally result in a comprehensive answer.
A New Attack Can Unmask Anonymous Users on Any Major Browser https://t.co/YM0Pa7Q4vW#security #crypto #cybersecurity #zeroday #malware #phishing #patches #exploit #ransomware pic.twitter.com/hU5iWRp6zn
— Rich Tehrani (@rtehrani) July 14, 2022
