Favicons may be used to track users
Quote:

Security researchers of the University of Illinois at Chicago have discovered a new method to track Internet users that is persistent across sessions, even if users clear cookies and the browsing cache.

The research paper Tales of F A V I C O N S and Caches: Persistent Tracking in Modern Browsers highlights that favicons may be used in conjunction with fingerprinting techniques to track users.

Favicons are used by sites to display a small site icon, e.g. in the address bar of browsers that support it but also elsewhere, e.g. in the bookmarks or tabs. Favicons are cached by the browser, but are stored independently from other cached items such as HTML files or site images.

Users who use built-in functionality to clear the cache will have these cached files removed from storage but not favicons. In other words: favicons persist over browsing sessions even if the user clears the cache, and they are accessible even in private browsing or Incognito mode sessions.

Browsers detect and cache favicons of sites automatically, and sites may use a single line of code to specify their favicon.

A single favicon is not enough to identify users based on it, but the researchers discovered a way to plant multiple favicons in the favicon cache. The site does a series of redirects through several subdomains to save multiple different favicons in the cache. Each saved favicon creates its own entry in the cache, and all of them together can be used to identify users provided that enough favicons are saved using the methodology. Redirects happen without any user interaction as everything is controlled by the site in question.

The researchers tested the attack against the Chromium-based browsers Google Chrome, Brave, Safari and Microsoft Edge, and found them all vulnerable to the attack. They did try the attack on Firefox but found a bug that prevented the browser from reading cached favicon entries. Once fixed, Firefox would likely be vulnerable to the attack as well.

The attack takes a bit of time according to the research paper, but it should be possible to improve the performance with optimizations.

Quote: We find that combining our favicon based tracking technique with immutable browser-fingerprinting attributes that do not change over time allows a website to reconstruct a 32-bit tracking identifier in 2 seconds.

The researchers suggest several mitigation and counter-measure options, all of which require that browser makers change favicon-related functionality.

Now You: What is your take on this new tracking method?
...
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
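
A defender-side sketch of how the redirect chain through several subdomains described in the quoted article could be spotted in proxy logs. This is an added example, not part of the original post or the research paper. The log record format, the thresholds, the `favicon.ico` path and the `tracker.example` / `shop.example` hosts are assumptions made for illustration.

```python
from collections import namedtuple

# One proxy-log record: time in seconds, host, path, HTTP status (format assumed).
Req = namedtuple("Req", "ts host path status")

def parent_domain(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def find_subdomain_redirect_chains(log, min_hosts=8, max_gap=1.0):
    """Flag bursts of redirects that walk many subdomains of one parent domain.

    Returns a list of (parent, redirecting_hosts, favicon_fetches) tuples.
    min_hosts and max_gap are illustrative thresholds, not values from the paper.
    """
    findings = []
    parent, last_ts, hosts, favicons = None, None, [], 0

    def flush():
        if len(hosts) >= min_hosts:
            findings.append((parent, hosts, favicons))

    for r in sorted(log, key=lambda r: r.ts):
        p = parent_domain(r.host)
        if p != parent or r.ts - last_ts > max_gap:
            flush()                          # close the previous burst
            parent, hosts, favicons = p, [], 0
        if r.path.endswith("favicon.ico"):   # assumed icon path
            favicons += 1
        elif 300 <= r.status < 400 and r.host not in hosts:
            hosts.append(r.host)
        last_ts = r.ts
    flush()
    return findings

# Constructed sample: a 12-hop chain on tracker.example plus one benign www redirect.
SAMPLE_LOG = (
    [Req(0.1 * i, f"b{i}.tracker.example", "/", 302) for i in range(12)]
    + [Req(0.1 * i + 0.05, f"b{i}.tracker.example", "/favicon.ico", 200)
       for i in (0, 3, 4, 7, 9, 11)]
    + [Req(10.0, "shop.example", "/", 301),
       Req(10.2, "www.shop.example", "/", 200),
       Req(10.3, "www.shop.example", "/favicon.ico", 200)]
)

if __name__ == "__main__":
    for parent, hosts, icons in find_subdomain_redirect_chains(SAMPLE_LOG):
        print(f"{parent}: {len(hosts)} redirecting subdomains, {icons} favicon fetches")
```

The single `shop.example` to `www.shop.example` redirect stays below the threshold, so ordinary canonical-host redirects are not flagged.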