Mobile Chrome Hoax Could Target Android Users

By John P. Mello Jr. Apr 30, 2019 5:00 AM PT

A new method for hiding the true location of a website from users of the mobile Chrome Web browser has come to light.

Phishers can trick users into revealing their credentials for a legitimate website to operators of a malicious one, security researcher James Fisher reported in a post on his personal blog Saturday.

Scammers can exploit mobile Chrome's feature that hides the address bar when users are scrolling on a Web page by inserting an address bar that allows a fake site to pose as a legitimate one, such as that of a bank, Fisher explained.

Making matters worse, scammers can create a "scroll jail" that prevents users from seeing the true URL for the page even when they scroll to the top.

"The user thinks they're scrolling up in the page," Fisher wrote, "but in fact they're only scrolling up in the scroll jail! Like a dream in Inception, the user believes they're in their own browser, but they're actually in a browser within their browser."

Minor Issue

Although Fisher's discovery isn't good news for consumers, it seems to be a minor issue, because a Web page's true URL will appear in the address bar initially, noted Thomas Reed, director of Mac & Mobile at Malwarebytes, a cybersecurity software maker based in Santa Clara, California.

"It would require a very specific set of user behaviors to make this useful," he told TechNewsWorld. "I can see some people exhibiting those behaviors, though, so it's definitely an issue."

However, "I wouldn't consider this a serious threat, because users would just need to pay attention to the URL bar when they first visit the site," Reed said. "Honestly, I don't foresee this getting used much, if at all."

It's far easier for someone phishing for personal information to use a homograph attack, he pointed out. In that type of attack, a scammer takes a domain name and substitutes characters that at first glance look like the original characters. A zero might be substituted for the letter "O," for example, or a one for the letter "l."
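The substitution Reed describes can be checked mechanically by folding look-alike characters into one class before comparing a hostname with the domains you protect. The following is an added example, not code from the article or from anyone quoted in it; the domain names are constructed, and folding "i" together with "l" is an assumption beyond the two swaps the article names.

```python
# Added example: flag look-alike ("homograph") hostnames by comparing a
# folded "skeleton" of each name against a list of protected domains.

# Constructed sample domains (the .example TLD is reserved for documentation).
PROTECTED = {"globalbank.example", "shoponline.example"}

# 0 -> o and 1 -> l are the swaps named in the article.
# i -> l is an added assumption (capital I and lowercase l look alike).
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(host):
    """Lower-case the name and fold look-alike characters into one class."""
    return host.lower().rstrip(".").translate(FOLD)


# Skeleton of each protected domain, mapped back to the real name.
SKELETONS = {skeleton(d): d for d in PROTECTED}


def parent_domains(host):
    """'a.b.c' -> ['a.b.c', 'b.c'] so subdomains are checked as well."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def classify(host):
    """Return ('legitimate', d), ('lookalike', d) or ('unknown', None)."""
    candidates = parent_domains(host)
    # An exact match on a protected domain (or a subdomain of it) is genuine.
    for cand in candidates:
        if cand in PROTECTED:
            return ("legitimate", cand)
    # Same skeleton but different raw spelling means a look-alike.
    for cand in candidates:
        target = SKELETONS.get(skeleton(cand))
        if target is not None:
            return ("lookalike", target)
    return ("unknown", None)


def scan(hosts):
    """Return only the hostnames that imitate a protected domain."""
    return [(h, classify(h)[1]) for h in hosts if classify(h)[0] == "lookalike"]


if __name__ == "__main__":
    # Constructed hostnames, as they might appear in mail or proxy logs.
    sample = [
        "www.globalbank.example",
        "login.gl0balbank.example",
        "shopon1ine.example",
        "weather.example",
    ]
    for host, imitated in scan(sample):
        print(f"{host} imitates {imitated}")
```

The check only covers ASCII swaps in the trailing labels of a hostname; internationalized (punycode) names need a separate confusables table.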

The attack Fisher described is a proof-of-concept demonstration, not something found in a hacker's toolkit, said Cameron Palan, a senior threat research analyst at Webroot, an Internet security company in Broomfield, Colorado.

"This isn't an attack discovered in the wild and may never affect users if Chrome is updated quickly," he told TechNewsWorld.

Google, which owns Chrome, did not respond to our request to comment for this story.

Low ROI for Hackers

It's not likely that this phishing ploy poses a major threat to consumers, said Jonathan Tanner, a senior security researcher with Barracuda Networks, based in Campbell, California.

"The amount of technical ability and time required to successfully implement this will make it unlikely to be seen much in the wild, and Google -- and possibly other browser makers -- will undoubtedly patch this faster than the speed at which it could become a common sight for phishing pages," he told TechNewsWorld.

"I doubt the returns on implementing this method would be worth the work," he said. "It's unlikely that this technique alone would result in a significant increase in follow-through on the part of users being phished."

Unlike some browser attacks, this one isn't based on a vulnerability, observed Mounir Hahad, head of the threat lab for Juniper Networks, a network security and performance company based in Sunnyvale, California.

"This is trickery," he told TechNewsWorld.

"There is no way to force the download of malicious content, trigger a remote code execution or any malicious activity," Hahad said.

"This is just a visual trick that may make some people believe they are on a different website than the one they actually surfed to," he continued.

This type of trickery need not be limited to mobile Chrome, Hahad pointed out. "Other browsers and other operating systems have different implementations that may allow for a less sophisticated version of this trick."

Consumer Protect Thyself

While the fake address bar attack is designed to be stealthy, an alert consumer can identify it.

"Consumers can recognize this type of attack when the website in the address bar changes unexpectedly after scrolling down the Web page and doesn't seem to respond to interaction as expected," Hahad explained.

"Tap the bar to test it," Webroot's Palan added. "The fake one is nonfunctional. Also, the number of current tabs displayed on the fake bar will not likely match your own."

Once a user starts scrolling down the page, distinguishing the fake browser from the real browser can be very difficult, noted Paul Bischoff, a privacy advocate for Comparitech, a reviews, advice and information website for consumer security products based in Maidstone, Kent, UK.

"The best way to spot the fake is to take note of the real page URL before scrolling down," he told TechNewsWorld.

Consumers should be wary of links that lead to login screens, Barracuda's Tanner advised.

"Better yet, manually type in the full and correct URL for any site that you want to log in to. That should be sufficient for users to protect themselves," he recommended.

"While novel, this attack is not particularly significant and won't likely be used much in the wild so general security measures are sufficient," Tanner added.

Growing Problem

If faking an address bar the way Fisher described were to catch on in phishing circles, it would be a bit of an anomaly.

"Most phishing campaigns are platform-agnostic," Bischoff said. "It doesn't matter whether you encounter them on mobile or desktop."

Phishing attacks are very widespread on mobile devices, Malwarebytes' Reed noted.

"However, one advantage mobile device users have is the availability of apps for most sites that attackers would want to mimic," he said.

"For example, if you are a Bank of America customer, you'd be more likely to use the Bank of America app than the Bank of America website on your mobile device," Reed pointed out.

"Still, if an attacker can get a mobile user to tap a link, they can still snare plenty of victims," he said.

Phishing attacks on mobile devices likely are on the rise due to the rapid growth in the sector, explained Jonathan Olivera, a threat analyst with Centripetal Networks, a cybersecurity solutions provider in Herndon, Virginia.

"The bad actors will always follow the areas that have the most users," he told TechNewsWorld.

"The mobile platforms and application developers have an incentive to produce as many products as feasible to satisfy their user base," Olivera said, "which results in security vulnerabilities in many of them."

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
