Mobile Browsers are stop showing Phishing warning For more then a year

May 24, 2019 - Cyber Security
Mobile Browsers are stop showing Phishing warning For more then a year

According to researches, mobile browsers (Mobile Chrome, Safari, Firefox and etc.) have not shown any phishing warnings for users.

Mobile Chrome, Safari, and Firefox did not display blacklisted alerts between mid-2017 and end 2018.

The issue influenced only mobile browsers that sued Google Safe Browsing link blacklist technology.

The research team composed of academics from Arizona State University and PayPal staff notified Google of the problem, and the problem was resolved at the end of 2018.

“Following our disclosure, we learned that the inconsistency in the GSB mobile blacklist is due to the transition to a new mobile API designed to optimize the use of data, which ultimately did not work as expected,”.

– the Researchers said.

Project Phishfram

The discovery of this important security bug came during an academic research project called PhishFarm, which began in early 2017.

During PhishFarm, researchers created and deployed 2,380 phishing pages mimicking the PayPal login page. Researchers didn’t measure how fast their URLs landed on URL blacklists. This type of research has been done in the past.

Instead, they focused on distributing phishing pages with “cloaking techniques” aimed at fooling blacklist URL technologies and then recording the time taken for these “hidden” phishing pages to land on “dangerous site” lists.

For PhishFarm, researchers have tested blacklist URLs such as Google Safe Browsing, Microsoft SmartScreen, and those managed by US-CERT, Anti-Phishing Workgroup, PayPal, PhishTank, Netcraft, Websense, McAfee, and ESET.

In additions to that, the research team’s phishing pages also used some Techniques called cloaking techiques:

Cloak A– Allow all users to view the phishing site. Cloak B– Allow only users from mobile devices.
Cloak C– Allow only US users from desktop devices.
Cloak D– allow only non-US users from desktop devices.
Cloak E– Block visitors from IP addresses known to be associated with security vendors.
Cloak F– Allow only browsers where JavaScript is enabled.

“We found that simple concealment techniques that represent representative attacks-including those based on geolocation, device type, or JavaScript-were effective in reducing the likelihood of blacklisting by more than 55% on average,” the researchers said.

When researchers repeated their tests in mid-2018, they got the same results when they realized that Google’s Safe Browsing technology did not work as predicted on mobile devices. [Cloak A was actually “no cloak”, which means Safe Browsing did not alert users to any phishing page, even if they used the cover technology or not – they are not working at all].

Check out our other news About Cyber Security

Leave a Reply

Your email address will not be published. Required fields are marked *