U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Audio fingerprinting being used to track Internet users

A study of online trackers carried out by researchers at Princeton University allowed the identification of the Audio fingerprinting tracking technique. Privacy is probably one of the most debated arguments when dealing with the Internet, we discussed several times the way to protect anonymity online and which are the attacks law enforcement and intelligence agencies carry on […]

Audio fingerprinting being used to track Internet users

A study of online trackers carried out by researchers at Princeton University allowed the identification of the Audio fingerprinting tracking technique.

Privacy is probably one of the most debated arguments when dealing with the Internet, we discussed several times the way to protect anonymity online and which are the attacks law enforcement and intelligence agencies carry on in order to de-anonymize users.

Most users believe that just blocking scripts and advertisements is enough to avoid being tracked, but this is false. Some websites are able to monitor and track users through fingerprinting techniques based on the HTML Canvass API and WebRTC local IP discovery.

Today we will discuss a new web-tracking technique called Audio Fingerprinting.

The Audio Fingerprinting tracking technique represents a valid solution for the advertising industry and for law enforcement agencies. It could be used to de-anonymized users surfing through a VPN network without decrypting the traffic.

A group of researchers from the Princeton University have conducted a study on multiple Google domains and discovered the company is tracking users on nearly 80 percent of all Top 1 Million Domains by leveraging on a variety of tracking and identification techniques.

“We make 15 types of measurements on each site, including stateful (cookie-based) and stateless (fingerprinting-based) tracking, the effect of browser privacy tools, and the exchange of tracking data between different sites (“cookie syncing”). Our findings include multiple sophisticated fingerprinting techniques never before measured in the wild” states the paper published by the researchers.

One of these tracking methods is the Audio Fingerprinting technique that relies on the audio stack of the machine through the use of the AudioContext API.The researchers discovered that it is possible to harvest the audio signals of the each machine that is using the AudioContext API to reveal unique browser and device combinations.

The technique is devious as efficient, a third-party tracker could use the AudioContext API to send low-frequency sounds to a user’s machine and then measures the way it processes the data in order to create a unique fingerprint.

“A script from the company Liverail checks for the existence of an AudioContext and OscillatorNode to add a single bit of information to a broader fingerprint. More sophisticated scripts process an audio signal generated with an OscillatorNode to fingerprint the device.” wrote the researchers.”This technique appears conceptually similar to that of canvas fingerprinting. Audio signals processed on different machines or browsers may have slight differences due to hardware or software differences between the machines while the same combination of machine and browser will produce the same output.”

Fortunately, the Audio fingerprinting technique is not widespread.

The researchers used the open-source tool OpenWPM to perform their tests, is implements numerous advanced features, including the ability to automatically log into websites using specified credentials. It loads sites in common browsers (i.e. Chrome, Firefox and Internet Explorer) collecting data on the tracking loaded on each page.

The work of the researchers is precious, such kind of analysis will help privacy defenders against the proliferation of tracking techniques.