Wednesday April 19, 2017

Punycode Exploit: the Newest Phishing Attack

In the newest wave of phishing attacks, hackers have seemingly found a method to spoof SSL-secured URLs by abusing Punycode. The technique is quite clever, and even the most careful user could fall victim to it.

By default, many web browsers display Unicode characters in a URL in their 'Punycode' form as a defence against homograph phishing attacks. Punycode is the encoding the browser uses to convert Unicode characters into the limited ASCII character set (A-Z, 0-9) supported by the Internationalized Domain Names (IDN) system.


By taking advantage of how Punycode translates Unicode characters, an attacker can register a domain name that the browser renders as the look-alike of a high-value target. With a TLS certificate issued for that domain, the phishing page is served over HTTPS and looks entirely legitimate. Interestingly, while Firefox and Opera are susceptible to this problem, Internet Explorer, Microsoft Edge, and Safari are protected. Google Chrome will remedy the issue when version 59, currently in the Canary channel, is finalized.
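The Punycode mechanism described above (a Unicode label converted to an ASCII `xn--` form, and back for display) and the script-based defence the protected browsers apply, shown as an added example that is not part of the original article: a small Python check that encodes and decodes hostnames with the standard library's `idna` codec and flags decoded labels that mix scripts or that fold to a plain-ASCII look-alike. The sample hostnames and the short confusables table are constructed for this example; a production check would load the full Unicode confusables data (UTS #39) instead of the excerpt here.

```python
"""Defender-side check for IDN homograph look-alike hostnames (added example).

Standard library only.  CONFUSABLES is a small hand-built excerpt constructed
for this example, not the full Unicode UTS #39 table.
"""
import unicodedata

# Constructed sample inputs (not taken from the original article).
SUSPECT_HOST = "ex\u0430mple.com"          # Latin "a" swapped for Cyrillic "а" (U+0430)
WHOLE_SCRIPT_HOST = "\u0441\u043e\u0440\u0435.example"  # all-Cyrillic label that reads as "cope"
BENIGN_HOST = "example.com"
BENIGN_IDN = "b\u00fccher.example"         # German "bücher": single Latin script, legitimate IDN use

# Constructed excerpt of Latin look-alikes (Cyrillic and Greek lowercase letters).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u04cf": "l",
    "\u03bf": "o", "\u03b1": "a",
}


def to_punycode(hostname):
    """ASCII (xn--) form of a Unicode hostname, label by label, as sent in DNS."""
    return hostname.encode("idna").decode("ascii")


def from_punycode(hostname):
    """Unicode form of an xn-- hostname: what a browser shows if it does not fall back to Punycode."""
    return hostname.encode("ascii").decode("idna")


def script_of(ch):
    """Coarse script bucket from the Unicode character name; digits and '-' are 'common'."""
    if ch.isdigit() or ch == "-":
        return "common"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0].lower() if name else "unknown"


def skeleton(label):
    """Fold each character to its Latin look-alike after NFKD, dropping combining marks."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def analyse_label(label):
    """Findings for one decoded (Unicode) DNS label; an empty list means nothing suspicious."""
    findings = []
    if label.isascii():
        return findings
    scripts = {script_of(ch) for ch in label} - {"common"}
    if len(scripts) > 1:
        findings.append("mixed scripts: " + ", ".join(sorted(scripts)))
    if scripts - {"latin"}:  # only non-Latin letters can impersonate an ASCII label
        folded = skeleton(label)
        if folded.isascii():
            findings.append(f"resembles ASCII label {folded!r}")
    return findings


def check_hostname(hostname):
    """Decode a hostname (Unicode or xn-- form) and report suspicious labels as {label: findings}."""
    unicode_form = from_punycode(hostname) if hostname.isascii() else hostname
    report = {}
    for label in unicode_form.split("."):
        findings = analyse_label(label)
        if findings:
            report[label] = findings
    return report


if __name__ == "__main__":
    for host in (BENIGN_HOST, BENIGN_IDN, SUSPECT_HOST, WHOLE_SCRIPT_HOST):
        wire = to_punycode(host)
        print(f"{host!r:30} -> {wire:30} {check_hostname(wire) or 'ok'}")
```

The mixed-script rule alone is what lets the all-Cyrillic label through, which is why the skeleton comparison is run as a second check whenever a label contains non-Latin letters; the single-script German label with a diacritic stays clean under both rules.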

Update - 1:28 PM: Additional browser vulnerability clarifications added.