First, let us understand what a homograph is. A homograph is a word that looks and is spelled the same as another word but has a different meaning. Take a common word from the dictionary, for example “fine,” which can mean ‘very good’ and, depending on the situation, can also mean ‘a sum paid to settle a matter.’
Similarly, in computing, using several fonts, we can create different words that look the same, although the system does not treat them as the same word. Let’s look at some names as an example:

Don’t the words look the same?
But the first word is the correct one and the second is not. If we look closely at the second word, its first letter is not really an ‘m’: instead of ‘m’, the letters ‘r’ and ‘n’ are used. A person who is not paying attention or has weak eyesight will find it impossible to spot the difference.

Are these two the same?
Here too, in the second word, a capital “i” has been used instead of “L”. Creating such lookalike words is known as a homograph.
How does an IDN Homograph Attack work?
IDN stands for Internationalized Domain Name, and the IDN homograph attack is also known as a spoofing attack. You should know about domain names, as domain names need to be registered; for example, my registered domain name is “ahtevirus.tech”. My domain is written in English, but it is also possible to register domain names in other languages, using characters outside ASCII. Many letters in different scripts look just like letters in other scripts while being different characters: for example, the letter ‘O’ in Cyrillic, Greek and Latin is not assigned the same code.
This difference gives hackers a significant advantage. Using it, black hat hackers create similar-looking sites, use them for phishing attacks, and gather data such as the target’s login credentials and other sensitive information. This method of phishing is known as the IDN homograph attack.
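The following is an added example, not code from the original article, showing how a defender can flag the lookalikes described above: Cyrillic or Greek letters mixed into a Latin name, ‘rn’ standing in for ‘m’, and a capital ‘I’ standing in for ‘l’. The domain names, the trusted list and the small lookalike table are constructed for illustration, and the helper names are hypothetical.

```python
import unicodedata

# Constructed, partial lookalike table (assumption; Unicode's confusables.txt is the full list).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
}

# Constructed allow-list of domains the user really deals with.
TRUSTED = ["mybank.example", "global.example"]


def scripts(label):
    """Scripts of the letters in one label, taken from the Unicode character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(domain):
    """Fold lookalikes so that visually similar names compare equal."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in domain)
    # ASCII-only tricks from the text: 'rn' for 'm', capital 'I' for 'l'.
    return folded.replace("rn", "m").replace("I", "l").lower()


def check(domain, trusted=TRUSTED):
    """Report the ASCII (Punycode) form, mixed-script labels and imitated trusted names."""
    skel = skeleton(domain)
    return {
        "ascii": domain.encode("idna").decode("ascii"),
        "mixed_script_labels": [l for l in domain.split(".") if len(scripts(l)) > 1],
        "imitates": [t for t in trusted if skeleton(t) == skel and t != domain.lower()],
    }


if __name__ == "__main__":
    # Constructed sample names: one genuine, three lookalikes.
    for name in ["mybank.example", "myb\u0430nk.example", "rnybank.example", "globaI.example"]:
        print(repr(name), check(name))
```

The `ascii` field is the `xn--` form that is actually registered in DNS, so it exposes a name that looks ordinary on screen but contains non-ASCII letters.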
Many people are aware of phishing attacks
In this era, when phishing attacks have become common, most of the literate population is aware of them. However, an IDN homograph attack isn’t something everyone can recognize. In an IDN homograph attack, the hackers use very similar-looking, hard-to-remember domain names; in addition, the website has an SSL certificate, so the ‘https’ assures the target that the site is trustworthy and safe. That is where the hacker succeeds.
How to check whether a site is real?
The concept of the IDN homograph attack is spooky, and the main question is how to tell whether a website is real. To figure out whether a website is genuine or fake, always check its SSL certificate, and continue to enter your password only if you find that the website is real; otherwise, you were smart to check.
How to check the SSL certificate?
Checking the SSL certificate is not a complicated process. If you are reading this tutorial on the desktop version of the Chrome browser, follow these steps:
- At the top you can see the tabs, and below them, in the search bar, you can find the link address of this blog.
- Beside that link address, on the left side, there is a lock icon.
- Click on the lock icon, where you will find “Connection is secure.”
- Below the secure tag, there is a button named “Certificate”.
- Click on the button.
- Now, in the General tab, you will find “Issued to”.
- Below that, a “Common Name (CN)” is provided.
- If the site is authentic, the common name will contain the actual domain name. Otherwise, you will discover what the website really is.
For users who are reading this on the mobile version of the Chrome browser, follow these steps:
- At the top of the page, you will find the blog address.
- Beside the address, on the left side, there is a lock icon.
- Tap on the lock icon, where you will see the tag “Connection is secure.”
- Now, tap on “Details.”
- Below the domain name, you will find “Certificate information”.
- Tap on “Certificate information”.
- Below the ahtevirus.tech tab, you will find “ISSUED TO”.
- Below that, you can find the Common Name (CN).
- If the site is authentic, the common name will contain the actual domain name. Otherwise, you will discover what the website really is.
How do attackers create such links?
There are several websites on the web for creating such links. One example is Irongeek, which offers a free homograph attack generator. It works as follows:
- You will be asked to type your name.
- In the field, type the domain name you want to use.
- Now, you will find several letters related to your search.
- Select the letters that look similar to yours.
- After the selection, below it, you will find your homographed name, which will look like the original name.
- Click on submit.
- You will then get the encoded name; if you register it, you will have a dummy of the original name.
However, the homograph attack is a grave matter, since not everyone checks a site before entering their details. Several browser makers, such as Chrome and Safari, have fixed the issue, and we hope that every browser will fix this security issue in the future.