Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Criminals Bypassing Sophisticated Device Fingerprinting with Basic Tools

Research from Trusteer shows that device fingerprinting, which is used in fraud detection systems, might be a useless layer of protection after they discovered a manual for bypassing such features being circulated among online criminals.

Research from Trusteer shows that device fingerprinting, which is used in fraud detection systems, might be a useless layer of protection after they discovered a manual for bypassing such features being circulated among online criminals.

Trusteer researchers discovered the manual during the course of a typical work day. In it, the author explains how to bypass the layered protection that is found in several fingerprinting systems. 

“This approach collects a myriad of session attributes to “fingerprint” the endpoint device, including IP address and type and version of browser and operating system. Using this information, fraud detection systems can, for example, detect when a single device is being used to place multiple orders with different user credentials – a practice typically indicative of fraud,”

The tutorial explains that the usage of commercial VPNs, and proxy services will work to defeat the IP protections within the fingerprinting systems, and adds information on how to make sessions from a single system appear as if they originate from different computers, operating systems, and browsers by altering the user agent headers.

“This tutorial demonstrates that cybercriminals have achieved a sophisticated level of understanding of device fingerprinting techniques and are exploiting this knowledge to evade fraud prevention systems that rely on the browser’s User-Agent header to detect cybercrime,” Trusteer adds.

“Because fraudsters can easily manipulate the browser’s User-Agent header information, device fingerprinting solutions that rely solely on User-Agent data should be considered unreliable.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights