What you see is not what you get - when homographs attack

Julio

29 min

29 min 2019-08-23

2019-08-23 2019-08-24

2019-08-24 293

293 Fahrplan

Playlists: 'camp2019' videos starting here

This talk offers a brief overview about homograph attacks, describes part of the mechanics behind the registration of homograph domains, highlights their risks and presents a chain of two practical exploits against Signal, Telegram and Tor Browser that could lead to nearly impossible to detect phishing scenarios and also situations where more powerful exploits could be used against an opsec-aware target.

Since the introduction of Unicode in domain names (known as Internationalized Domain Names, or simply IDN) by ICANN

over two decades ago, a series of brand new security implications were also brought into light together with the

possibility of registering domain names using different alphabets and Unicode characters.

This talk offers a brief overview about homograph attacks, describes part of the mechanics behind the registration of homograph domains, highlights their risks and presents a chain of two practical exploits against Signal, Telegram and Tor Browser that could lead to nearly impossible to detect phishing scenarios and also situations where more powerful exploits could be used against an opsec-aware target.

Historical security issues related to Unicode and confusable homographs, as well as other attack vectors not discovered by the author will also be explored in this presentation.

Download

Related

Embed Share:







Tags