
A Chinese security researcher has demonstrated a scary phishing attack that’s virtually impossible to detect in web browsers like Chrome, Firefox, and Opera. The attack registers domains with Unicode characters that look just like common ASCII characters. For example, “xn--pple-43d.com” is equivalent to “аpple.com”. Chrome is expected to roll out a fix in its upcoming Chrome 58 release.
Punycode is a method of representing Unicode using the limited ASCII character subset that is allowed in internet host names. It makes it possible to register domain names with foreign characters. For example, the domain name “xn--s7y.co” is the same as “短.co”. Using this mechanism, a security researcher has shown a proof of concept of a scary attack.

While the concept behind the attack is very old, it has resurfaced in the current versions of browsers like Google Chrome, Mozilla Firefox, and Opera. These browsers show Unicode characters in domain names as normal characters, which makes it impossible to notice the spoofed domains.

Due to this, it’s possible to register domains like “xn--pple-43d.com”, which is equivalent to “аpple.com,” the Chinese security researcher Xudong Zheng writes. Here’s the demo web page.

Image

In the picture above, ‘аpple.com’ uses Cyrillic ‘а’ (U+0430), instead of the ASCII ‘a’ (U+0041). This is also called a homograph attack.

So, are our web browsers totally defenseless against such attacks? Well, most browsers have some protection mechanisms enabled, but they don’t detect every version of such attacks. For example, if the attacker only replaces ASCII characters with characters from a single foreign language, the protection fails.
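
As an added example (not from the original article or from Zheng's write-up), the Python sketch below decodes Punycode labels and separates the two cases described above: a label that mixes scripts, and a label written entirely in one non-Latin script whose letters all resemble ASCII. The lookalike map is a small constructed subset, script detection by Unicode name prefix is an approximation, and the third sample host is constructed.

```python
import unicodedata

# Constructed, partial map of Cyrillic letters that render like Latin letters.
# A production check would load Unicode's full confusables data instead.
LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0501": "d", "\u04bb": "h", "\u04cf": "l", "\u051b": "q", "\u051d": "w",
}
SEVERITY = ["ascii", "idn", "mixed-script", "whole-script-lookalike"]

def decode_label(label):
    """Return the Unicode form of one DNS label (decodes xn-- Punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def classify_label(label):
    if label.isascii():
        return "ascii"
    if len(scripts(label)) > 1:
        return "mixed-script"            # e.g. one Cyrillic letter among Latin
    letters = [ch for ch in label if ch.isalpha()]
    if letters and all(ch in LOOKALIKES for ch in letters):
        return "whole-script-lookalike"  # single script, reads as ASCII
    return "idn"                         # ordinary internationalized label

def check_host(host):
    """Return (worst verdict, Unicode form, ASCII skeleton) for a hostname."""
    labels = [decode_label(part) for part in host.rstrip(".").split(".")]
    shown = ".".join(labels)
    skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in shown)
    verdict = max((classify_label(l) for l in labels), key=SEVERITY.index)
    return verdict, shown, skeleton

if __name__ == "__main__":
    # First two hosts are quoted in the article; the third is constructed.
    for host in ["xn--pple-43d.com", "xn--s7y.co", "\u0441\u043e\u0440\u0443.example"]:
        verdict, shown, skeleton = check_host(host)
        print(f"{host!r:24} {verdict:24} shown={shown!r} skeleton={skeleton!r}")
```

The skeleton column is what a mail gateway or proxy-log review would compare against a list of protected ASCII names; a hit on a non-ASCII host is worth an alert regardless of how the browser renders it.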

This attack vector, fortunately, doesn’t affect Internet Explorer, Microsoft Edge, and Safari web browsers.

This bug was reported to Firefox and Chrome on January 20. While the fix has landed in Chrome Canary browser, it’ll be rolled out in Chrome 58 which is slated to arrive next week. The issue remains unaddressed in Firefox.

However, Firefox users can tackle this bug by going to about:config and setting network.IDN_show_punycode to true.

Zheng recommends the use of a password manager. He also advises that users must pay close attention to a site’s URL when entering personal information. You can read more about the attack on Xudong Zheng’s blog.

source: https://fossbytes.com/unicode-phishi...etect-browser/