Mobile Chrome Hoax Could Target Android Users

By John P. Mello Jr. Apr 30, 2019 5:00 AM PT

A new method for hiding the true location of a website from users of the mobile Chrome Web browser has come to light.

Phishers can trick users into revealing their credentials for a legitimate website to operators of a malicious one, security researcher James Fisher reported in a post on his personal blog Saturday.

Scammers can exploit mobile Chrome's feature that hides the address bar when users are scrolling on a Web page by inserting an address bar that allows a fake site to pose as a legitimate one, such as that of a bank, Fisher explained.

Making matters worse, scammers can create a "scroll jail" that prevents users from seeing the true URL for the page even when they scroll to the top.

"The user thinks they're scrolling up in the page," Fisher wrote, "but in fact they're only scrolling up in the scroll jail! Like a dream in Inception, the user believes they're in their own browser, but they're actually in a browser within their browser."

Minor Issue

Although Fisher's discovery isn't good news for consumers, it seems to be a minor issue, because a Web page's true URL will appear in the address bar initially, noted Thomas Reed, director of Mac & Mobile at Malwarebytes, a cybersecurity software maker based in Santa Clara, California.

"It would require a very specific set of user behaviors to make this useful," he told TechNewsWorld. "I can see some people exhibiting those behaviors, though, so it's definitely an issue."

However, "I wouldn't consider this a serious threat, because users would just need to pay attention to the URL bar when they first visit the site," Reed said. "Honestly, I don't foresee this getting used much, if at all."

It's far easier for someone phishing for personal information to use a homograph attack, he pointed out. In that type of attack, a scammer takes a domain name and substitutes characters that at first glance look like the original characters. A zero might be substituted for the letter "O," for example, or a one for the letter "l."
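The character-substitution trick described above can be checked for mechanically. The following is an added example, not code from the article or from anyone quoted in it: it folds look-alike characters to a common "skeleton" and flags hostnames whose skeleton matches a protected domain without being that domain. The `PROTECTED` list and `CONFUSABLES` table are constructed samples, and the Cyrillic entries go beyond the two digit swaps the article mentions.

```javascript
// Added example: flag hostnames that imitate a protected domain by
// swapping in look-alike characters (0 for o, 1 for l, and so on).
// PROTECTED and CONFUSABLES are constructed sample data, not a complete list.
const PROTECTED = ["bankofamerica.com", "google.com", "paypal.com"];

const CONFUSABLES = new Map([
  ["0", "o"], ["1", "l"],                              // digit swaps named in the article
  ["\u0430", "a"], ["\u0435", "e"], ["\u043e", "o"],   // Cyrillic a, e, o
  ["\u0440", "p"], ["\u0441", "c"], ["\u0445", "x"],   // Cyrillic r, s, kh
  ["\u0443", "y"],                                     // Cyrillic u
]);

// Lowercase, drop a trailing dot, and apply Unicode compatibility folding.
function canonical(hostname) {
  return hostname.normalize("NFKC").toLowerCase().replace(/\.$/, "");
}

// Replace every confusable character with the letter it imitates.
function skeleton(hostname) {
  return Array.from(canonical(hostname), ch => CONFUSABLES.get(ch) ?? ch).join("");
}

// Protected domains are folded the same way, so a protected name that
// legitimately contains a digit still compares correctly.
const BY_SKELETON = new Map(PROTECTED.map(d => [skeleton(d), d]));

// Walk every label suffix of the hostname:
//  - an exact match means the host is the protected domain or a subdomain of it
//  - a skeleton-only match means some suffix imitates a protected domain
function classify(hostname) {
  const labels = canonical(hostname).split(".");
  let imitated = null;
  for (let i = 0; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    if (PROTECTED.includes(suffix)) {
      return { verdict: "legitimate", target: suffix };
    }
    const target = BY_SKELETON.get(skeleton(suffix));
    if (target && !imitated) imitated = target;
  }
  return imitated
    ? { verdict: "lookalike", target: imitated }
    : { verdict: "unrelated", target: null };
}

// Constructed sample hostnames.
for (const host of ["g00gle.com", "mail.google.com", "login.paypa1.com", "example.org"]) {
  const { verdict, target } = classify(host);
  console.log(`${host}: ${verdict}${target ? ` (${target})` : ""}`);
}
```

Hostnames that arrive in punycode (`xn--` labels) need to be decoded to Unicode before they are passed to `classify`, since the table matches on the displayed characters.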

The attack Fisher described is a proof-of-concept demonstration, not something found in a hacker's toolkit, said Cameron Palan, a senior threat research analyst at Webroot, an Internet security company in Broomfield, Colorado.

"This isn't an attack discovered in the wild and may never affect users if Chrome is updated quickly," he told TechNewsWorld.

Google, which owns Chrome, did not respond to our request to comment for this story.

Low ROI for Hackers

It's not likely that this phishing ploy poses a major threat to consumers, said Jonathan Tanner, a senior security researcher with Barracuda Networks, based in Campbell, California.

"The amount of technical ability and time required to successfully implement this will make it unlikely to be seen much in the wild, and Google -- and possibly other browser makers -- will undoubtedly patch this faster than the speed at which it could become a common sight for phishing pages," he told TechNewsWorld.

"I doubt the returns on implementing this method would be worth the work," he said. "It's unlikely that this technique alone would result in a significant increase in follow-through on the part of users being phished."

Unlike some browser attacks, this one isn't based on a vulnerability, observed Mounir Hahad, head of the threat lab for Juniper Networks, a network security and performance company based in Sunnyvale, California.

"This is trickery," he told TechNewsWorld.

"There is no way to force the download of malicious content, trigger a remote code execution or any malicious activity," Hahad said.

"This is just a visual trick that may make some people believe they are on a different website than the one they actually surfed to," he continued.

This type of trickery need not be limited to mobile Chrome, Hahad pointed out. "Other browsers and other operating systems have different implementations that may allow for a less sophisticated version of this trick."

Consumer Protect Thyself

While the fake address bar attack is designed to be stealthy, an alert consumer can identify it.

"Consumers can recognize this type of attack when the website in the address bar changes unexpectedly after scrolling down the Web page and doesn't seem to respond to interaction as expected," Hahad explained.

"Tap the bar to test it," Webroot's Palan added. "The fake one is nonfunctional. Also, the number of current tabs displayed on the fake bar will not likely match your own."

Once a user starts scrolling down the page, distinguishing the fake browser from the real browser can be very difficult, noted Paul Bischoff, a privacy advocate for Comparitech, a reviews, advice and information website for consumer security products based in Maidstone, Kent, UK.

"The best way to spot the fake is to take note of the real page URL before scrolling down," he told TechNewsWorld.

Consumers should be wary of links that lead to login screens, Barracuda's Tanner advised.

"Better yet, manually type in the full and correct URL for any site that you want to log in to. That should be sufficient for users to protect themselves," he recommended.

"While novel, this attack is not particularly significant and won't likely be used much in the wild so general security measures are sufficient," Tanner added.

Growing Problem

If faking an address bar the way Fisher described were to catch on in phishing circles, it would be a bit of an anomaly.

"Most phishing campaigns are platform-agnostic," Bischoff said. "It doesn't matter whether you encounter them on mobile or desktop."

Phishing attacks are very widespread on mobile devices, Malwarebytes' Reed noted.

"However, one advantage mobile device users have is the availability of apps for most sites that attackers would want to mimic," he said.

"For example, if you are a Bank of America customer, you'd be more likely to use the Bank of America app than the Bank of America website on your mobile device," Reed pointed out.

"Still, if an attacker can get a mobile user to tap a link, they can still snare plenty of victims," he said.

Phishing attacks on mobile devices likely are on the rise due to the rapid growth in the sector, explained Jonathan Olivera, a threat analyst with Centripetal Networks, a cybersecurity solutions provider in Herndon, Virginia.

"The bad actors will always follow the areas that have the most users," he told TechNewsWorld.

"The mobile platforms and application developers have an incentive to produce as many products as feasible to satisfy their user base," Olivera said, "which results in security vulnerabilities in many of them."

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
