A Quick Guide to the IDN Homograph Attack By Blackhat Pakistan 2023
In this article we will learn about the IDN homograph attack.
Introduction to the IDN Homograph Attack
An IDN (Internationalized Domain Name) homograph attack, also known as “homoglyph” and “script spoofing”, is a method in which an attacker tricks victims into believing that the page they are visiting is genuine.
Attackers do this by registering domains whose names contain characters that closely resemble the characters of the real name: for example, they use a zero instead of an O. Because the characters look alike, the victim tends to believe that he is visiting the real website and ends up providing credit card details, login details and so on to these fake sites.
In short, attackers are able to register similar domain names by exploiting the similar appearance of certain characters in English, Chinese, Latin and Greek or other scripts.
Use of homograph attacks
The browser and the user see the same character differently. This is because computers support characters from many languages, and some of them look identical on screen while being different characters to the machine; therefore, it is very easy to confuse the user.
One example of such attacks is the use of the Cyrillic alphabet, whose characters resemble some letters of the Latin alphabet (for example, the Cyrillic letter that makes the sound of V looks like a Latin B) and can easily be used to forge domain names.
Generating IDN homograph attacks
We can use many online tools to generate similar domains. Most of them create homoglyphs using similar Unicode characters.
Real-time attack scenario
First visit this URL: infosecinstitute.com. You will probably be redirected to the home page of this website.
Now visit this URL: infoοѕecinstitute.com. You will be redirected to http://xn--nfsecnstitute-fpj5fx045a.com/
Surprised? This is exactly what attackers do. They simply register a new domain and then trick you into believing you’re on the real site. The spoofed website can then obtain passwords and other personal information.
Defense against homograph attacks
Most defenses against homograph attacks involve displaying IDNs (Internationalized Domain Names) in Punycode format, which drastically reduces phishing opportunities. Both Chrome and Firefox have taken appropriate precautions in their algorithms. ICANN has implemented a policy that prevents the registration of domains similar to existing domains.
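The Punycode display described above can be reproduced with Python's standard library, together with a simple mixed-script check on each label. This is an added example, not code from the original article: the function names and sample hostnames are constructed for illustration, and the script check is an approximation based on Unicode character names rather than what any browser actually implements.

```python
import unicodedata

def label_scripts(label):
    """Approximate the scripts used in a label from Unicode character names.
    Assumption: the first word of the name ("LATIN", "CYRILLIC", "GREEK", ...)
    stands in for the real Unicode Script property, which the stdlib lacks."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def to_ace(label):
    """Return the ASCII (Punycode) form of one label; ASCII labels pass through.
    Simplification: no IDNA mapping/normalization is applied beyond lowercasing."""
    label = label.lower()
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def inspect_hostname(hostname):
    """Return the Punycode display form plus a per-label script report."""
    report = []
    for label in hostname.split("."):
        scripts = label_scripts(label)
        report.append({"label": label, "ace": to_ace(label),
                       "scripts": scripts, "mixed": len(scripts) > 1})
    return {"display": ".".join(r["ace"] for r in report),
            "suspicious": any(r["mixed"] for r in report),
            "labels": report}

if __name__ == "__main__":
    # Constructed samples: the second one replaces Latin "a" with Cyrillic U+0430.
    for host in ("example.com", "ex\u0430mple.com"):
        result = inspect_hostname(host)
        print(result["display"], "mixed-script" if result["suspicious"] else "ok")
```

A label written entirely in one non-Latin script is not flagged as mixed, so the Punycode form in `display` remains the safer thing to show or log.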
Although homograph attacks have now decreased, there are still endless possibilities for attackers to develop more complex spoofing domains. Ultimately, it is up to the user to keep their eyes open for any dangers on the World Wide Web.