Criminals Bypassing Sophisticated Device Fingerprinting with Basic Tools

Research from Trusteer shows that device fingerprinting, which is used in fraud detection systems, might be a useless layer of protection after they discovered a manual for bypassing such features being circulated among online criminals.

Trusteer researchers discovered the manual during the course of a typical work day. In it, the author explains how to bypass the layered protection that is found in several fingerprinting systems. 

“This approach collects a myriad of session attributes to “fingerprint” the endpoint device, including IP address and type and version of browser and operating system. Using this information, fraud detection systems can, for example, detect when a single device is being used to place multiple orders with different user credentials – a practice typically indicative of fraud,”

The tutorial explains that the usage of commercial VPNs, and proxy services will work to defeat the IP protections within the fingerprinting systems, and adds information on how to make sessions from a single system appear as if they originate from different computers, operating systems, and browsers by altering the user agent headers.

“This tutorial demonstrates that cybercriminals have achieved a sophisticated level of understanding of device fingerprinting techniques and are exploiting this knowledge to evade fraud prevention systems that rely on the browser’s User-Agent header to detect cybercrime,” Trusteer adds.

“Because fraudsters can easily manipulate the browser’s User-Agent header information, device fingerprinting solutions that rely solely on User-Agent data should be considered unreliable.”