Thursday 20 April 2017

Hackers Are Using Unicode Characters For New Phishing Attack

Hackers  Are Using Unicode Characters for Phishing Attack.

A new phishing technique to target users and it doesn't detected by Google chrome, Firefox and Opera browsers.

A Chinese security researchers reported that it is impossible to detect phishing attack that can be used to trick even the most careful users.

By Using Punycode 

Punycode is a way to represent Unicode within the limited character subset of ASCII used for Internet host names. For example, "München" (German name for the city of Munich) would be encoded as "Mnchen-3ya". Using Punycode, host names containing Unicode characters are transcoded to a subset of ASCII consisting of letters, digits, and hyphen (the Letter-Digit-Hyphen (LDH) subset, as it is called).

According to researcher blog,
From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "", which is equivalent to "а". It may not be obvious at first glance, but "а" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). This is known as a homograph attack.

By Using IDN Homograph attack

The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike, (i.e., they are homographs, hence the term for the attack). For example, a person frequenting may be lured to click a link in which the Latin C is replaced with the Cyrillic С.

An example of an IDN homograph attack; the "e" and "a" are replaced with Cyrillic letters rather than Latin ones.
This kind of spoofing attack is also known as script spoofing. Unicode incorporates numerous writing systems, and, for a number of reasons, similar-looking characters such as Greek Ο, Latin O, and Cyrillic О were not assigned the same code. Their incorrect or malicious usage is a possibility for security attacks

xn-- prefix is known as ASCII compatible encoding prefix, which represent that domain are using punnycode to Unicode characters.

How can We Protect?

  • To type manually URL into the Browser.
  • Firefox users can limit their exposure to this bug by going to about:config and setting network.IDN_show_punycode to true. 
  • Chrome and Opera still work on Fixing this bug.


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer