Safari, six other browsers at risk of address bar spoofing, says report

In this attack, criminals trick users into sharing critical personal information through phishing websites that look legitimate

Seven mobile browsers, including Apple’s Safari, are vulnerable to address bar spoofing, revealed a report by cybersecurity firm Rapid7.

The firm worked with Rafay Baloch, a Pakistani security researcher, and disclosed 10 new address bar spoofing vulnerabilities across these apps. Address bar spoofing is a technique in which a fake website makes the browser's address bar show a legitimate URL while the page content comes from the attacker. Users assume they are on a legitimate site and share information, but are actually being phished.

Safari, Opera Touch and Bolt Browser are at risk on iOS devices, while Opera Mini, UC Browser, Yandex and RITS are vulnerable on Android devices. “First and foremost, it is easy to persuade the victim into stealing credentials or distributing malware when the address bar points to a trusted website and gives no indicators of forgery. Secondly, since the vulnerability exploits a specific feature in a browser, it can evade several anti-phishing schemes and solutions,” commented Baloch.

The report shows how smartphones are more vulnerable to phishing and spoofing, and how this is a bigger risk for users. Smartphones are intrinsically tied to the daily life of users, across all applications. Any malicious activity can severely affect the user and their information.

Smartphone browsers have little screen space for security indicators, and unlike on PCs, there is no other way to validate the source of information. “On phone browsers, sources begin and end with the URL as shown in the address bar. The fact of the matter is we don’t have much else to rely on,” the report said.

With minimal security indicators, many mobile browsers are at risk of being affected. While Safari and Yandex came with immediate fixes, Opera released security updates for Opera Touch. Opera Mini will have these updates by early November. RITS browser plans to release fixes this week, while UC Browser and Bolt Browser haven’t commented on the issue yet.

The report states that this exploitation stems from “Javascript Shenanigans”. By interfering with the timing between page loads and the browser's refresh of the address bar, a malicious page can open a gap in which pop-ups or content appear in the browser window as if they came from an arbitrary website. Address bar spoofing can lead to users sharing personal information like card details. Users are advised to cross-check all links and emails before entering information.

