Homograph attack on domains with K

 Internationalized domain name (IDN) homograph attack is way a thirdparty may confuse users exploiting the fact that many characters may look alike. For example urls "https://bank.com" and "https://bаnk.com" are look as the same, but actually first url contains latin "a", the second cyrilic "а" which looks alike latin.  This characters are called "homoglyphs". You may find more homoglyphs at http://www.irongeek.com/homoglyph-attack-generator.php .

IDN can be represented as unicode url or punycode.

Basically you can't register domain names with homoglyphs. Try to register "bаnk.com" and request will be rejected, because this name contains cyrilic "а". IDN registration policy  not allow to mix latin and cyrilic letters. More details about restrictions you can find here and at iana.org.

In IDN latin table (which represent permitted code points (letters) allowed for Internationalised Domain Name registrations) exists very interesting character "*Kra*". This character looks (Κʻ / ĸ) U+0138. In lower case it is homoglyph for latin "k". And it is allowed to register domain names with this character.

For example I's able to register next domain "http://vĸ.com/".

I think this homoglyph character may cause a lot of phishing attacks on users. As PoC I provide few screenshots from Twitter and Skype. This links are looks very similiar to original and will confuse many users.

The best solution is remove (Κʻ / ĸ) U+0138 from permitted letters table for not allowing registration of such domains.

Popular posts from this blog

Facebook Messenger server random memory exposure through corrupted GIF image

React debug.keystore key was trusted by Meta(Facebook) which caused to Instagram account takeover by malicious apps.

Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval