From Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains

ADVISORY SUMMARY

Security researcher Matt Hamilton (a Bishop Fox alumnus, now with Soluble) published a new security advisory about homograph domain names on gTLDs (.com, .net, etc.) as well as subdomains within some SaaS companies using homoglyph characters. The attack is similar to an IDN homograph attack and presents all the same risks. An attacker could register a domain or subdomain that appears visually identical to its legitimate counterpart and use it for social-engineering or insider attacks against an organization.
 

Hamilton announced that between 2017 and today, more than a dozen homograph domains have had active HTTPS certificates. This included prominent financial, internet shopping, technology, and other Fortune 100 sites.

In a partnership between Soluble and Bishop Fox, Verisign and SaaS services (Google, Amazon, Wasabi, DigitalOcean) were notified of the vulnerability and have received continuous updates on the ongoing research. The full disclosure timeline and technical details are available here.
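A defender-side check for the homoglyph domains described above, as an added example that is not part of the advisory or of Bishop Fox's or Soluble's code: it decodes `xn--` labels, folds Latin-script lookalikes to ASCII, and compares the result against a watch list. The lookalike table is a small illustrative subset chosen for this example, and the function names, watch list and sample domains are constructed.

```python
import unicodedata

# Small illustrative subset of Latin-script lookalikes (an assumption, not a
# list from the advisory). Unicode's confusables.txt (UTS #39) is the full set.
LATIN_LOOKALIKES = {
    "\u0251": "a",  # LATIN SMALL LETTER ALPHA
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G
    "\u1d0f": "o",  # LATIN LETTER SMALL CAPITAL O
}

def a_label(label):
    """Build the xn-- form of a label (used here only for constructed samples)."""
    return "xn--" + label.encode("punycode").decode("ascii")

def to_unicode(domain):
    """Decode xn-- labels to Unicode without applying IDNA validity rules."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def check(domain, protected):
    """Return a finding if `domain` renders like a protected name, else None."""
    uni = to_unicode(domain)
    odd = [ch for ch in uni if ord(ch) > 127]
    skeleton = "".join(LATIN_LOOKALIKES.get(ch, ch) for ch in uni)
    if not odd or skeleton not in protected:
        return None
    scripts = sorted({unicodedata.name(ch, "UNKNOWN").split()[0] for ch in odd})
    return {
        "domain": domain,
        "imitates": skeleton,
        "scripts": scripts,  # ["LATIN"] means a mixed-script check would not fire
        "chars": [f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNKNOWN')}" for ch in odd],
    }

if __name__ == "__main__":
    protected = {"example.com"}  # constructed watch list
    observed = [                 # constructed names, e.g. as seen in certificate logs
        "example.com",
        a_label("ex\u0251mple") + ".com",
        a_label("b\u00fccher") + ".com",
    ]
    for name in observed:
        print(name, "->", check(name, protected))
```

Because every character in the flagged name belongs to the Latin script, a filter that only rejects mixed-script labels passes it; the skeleton comparison is what catches it.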


About the author, Bishop Fox

This represents research and content from the Bishop Fox team.
