Phishing Attacks with Unicode Domains

One more attack vector to be thinking about!

From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as “xn--pple-43d.com”, which is equivalent to “аpple.com”. It may not be obvious at first glance, but “аpple.com” uses the Cyrillic “а” (U+0430) rather than the ASCII “a” (U+0041). This is known as a homograph attack.

Chrome 59 will protect you from these phishing attempts by converting the maliciously-similar name to the Punycode version, thus making you aware of something amiss.

Firefox users can limit their exposure by going to about:config and setting network.IDN_show_punycode to true. This will force Firefox to always display IDN domains in their Punycode form, making it possible to identify malicious domains. Thanks to /u/MARKZILLA on reddit for this solution.

Thus, the lookalike form of apple.com will be displayed as https://www.xn--80ak6aa92e.com.

On Twitter @Xudong_Zheng says a simple way to limit the risk from bugs such as this is to always use a password manager, which can identify that the similar letters are not the same.
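To show how the Punycode form exposes a lookalike, here is an added Python example (not code from the original post or from Xudong Zheng's proof of concept). The sample domains are constructed, and the per-label script check is a simple heuristic based on Unicode character names, not the browser's actual display algorithm.

```python
import unicodedata

# Constructed sample domains (not taken from the original post): the ASCII
# original, the Cyrillic-"а" lookalike the post describes, and a legitimate
# single-script IDN for comparison.
SAMPLE_DOMAINS = [
    "apple.com",
    "\u0430pple.com",   # U+0430 CYRILLIC SMALL LETTER A followed by Latin "pple"
    "b\u00fccher.de",   # Latin "ü": non-ASCII but not mixed-script
]


def to_punycode(domain: str) -> str:
    """Render a domain the way a Punycode-displaying browser would (xn-- labels)."""
    return domain.encode("idna").decode("ascii")


def scripts_in_label(label: str) -> set:
    """Crude script inference: the first word of each letter's Unicode name
    (e.g. 'LATIN', 'CYRILLIC'). Digits and hyphens are ignored."""
    scripts = set()
    for ch in label:
        if unicodedata.category(ch).startswith("L"):
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def assess(domain: str) -> dict:
    """Report what a user or a URL filter would want to know: the Punycode
    form, whether any non-ASCII characters are present, and whether a single
    label mixes scripts (the pattern behind the lookalike in the post)."""
    labels = domain.split(".")
    return {
        "punycode": to_punycode(domain),
        "non_ascii": any(ord(ch) > 127 for ch in domain),
        "mixed_script": any(len(scripts_in_label(lbl)) > 1 for lbl in labels),
    }


if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(d, assess(d))
```

Running it prints xn--pple-43d.com for the Cyrillic lookalike, exactly the form the post says Chrome 59 and the Firefox setting will show, while bücher.de is flagged as non-ASCII but not mixed-script.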
