Device Fingerprinting Takes A leap Forward, But Behavioral Detection Provides Greater Safety

by Tim Sloane 0

This article in NewsFactor Network discusses a recent breakthrough that can track a device even when the user has multiple browsers, and the software is in the public domain:

“Banks, retailers and advertisers can track your online activity using Web “fingerprinting” techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online — even if you switch browsers.

Banks, retailers and advertisers can track your online activity using Web “fingerprinting” techniques, but these methods usually only work across a single browser. Now, however, new technology can follow you anywhere online — even if you switch browsers.

The new tech makes it possible to establish a unique online fingerprint based not on browser features but on features of a user’s operating system and computer hardware, according to a new study by researchers at Lehigh University and Washington University.

The cross-browser fingerprinting technique identifies users with an accuracy of 99.24 percent, compared to AmIUnique’s “state-of-the-art” accuracy of 90.84 percent across a single browser, according to the researchers.

While acknowledging the fingerprinting method could be used for undesirable purposes that violate online privacy, the researchers said the technique could also help service providers authenticate users for improved security.
Tracking Tech Evolving Fast

In their paper, researchers Yinzhi Cao and Song Li of Lehigh University and Erik Wijmans of Washington University in St. Louis described their cross-browser fingerprinting technique as the first to use “many novel OS and hardware features, especially computer graphics ones” to establish identities and track individual online users. They provided both a working demo and open source code online.”

With more than a billion passwords having been released into the wild and personally identifiable information available on the dark web for a song, trusting passwords to authenticate a user is clearly a terrible idea. Banks have been using device fingerprinting for some time, but that technology can be beaten by Trojans operating on the machine and by man in the middle attacks that might kick in after authentication is completed. A better solution is to use behavioral biometrics that track how a user types, clicks, and moves the mouse. When this technology detects an anomaly a challenge is definitely called for!

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Read the full story here