DuckDuckGo Privacy Browser for Android Battling URL Spoofing Attacks



The latest version, 5.26.0, of the DuckDuckGo Privacy Browser for Android, which has over 5 million downloads, allows attackers to carry out URL spoofing attacks by exploiting a spoofing flaw in the address bar.
The vulnerability, which affects the app's users, was discovered by security researcher Dhiraj Mishra, who immediately reported the flaw to the concerned security department through the associated bug bounty program on the vulnerability coordination and bug bounty platform HackerOne.
In a conversation with BleepingComputer, Dhiraj said, "This vulnerability was submitted to the browser security team via HackerOne on October 31st, 2018. Initially this bug was marked as high; the discussion went till May 27th, 2019, and they concluded this 'doesn't seem to be a serious issue' and marked the bug as informative. However, I was awarded a swag from DuckDuckGo."
In the vulnerable DuckDuckGo Privacy Browser for Android, attackers carry out the URL spoofing attack by altering the URL displayed in the address bar of the affected browser, tricking victims into believing that the website they are browsing is run by an authenticated source. In reality, the website is controlled by the attackers carrying out the spoofing attack.
There is a high probability that unsuspecting users will be redirected to web addresses disguised as authenticated web portals, which in reality help malicious actors collect data from their potential victims, either by phishing or by injecting malware into their systems through malvertising campaigns.
Earlier, in May, security researcher Arif Khan, on detecting a similar vulnerability in the UC browser, said, "URL Address Bar spoofing is the worst kind of phishing attack possible. Because it's the only way to identify the site which the user is visiting."


New OS takes on Apple, Android

Firefox, a web browser made by the non-profit Mozilla Foundation, was born as “Phoenix”. It rose from the ashes of Netscape Navigator, slain by Microsoft’s Internet Explorer. In 2012 Mozilla created Firefox OS, to rival Apple’s iOS and Google’s Android mobile operating systems. Unable to compete with the duopoly, Mozilla killed the project.

Another phoenix has arisen from it. KaiOS, an operating system conjured from the defunct software, powered 30m devices in 2017 and another 50m in 2018. Most were simple flip-phones sold in the West for about $80 apiece, or even simpler ones which Indians and Indonesians can have for as little as $20 or $7, respectively. Smartphones start at about $100. The company behind the software, also called KaiOS and based in Hong Kong, designed it for smart-ish phones—with an old-fashioned number pad and long battery life, plus 4G connectivity, popular apps such as Facebook and modern features like contactless payments, but not snazzy touchscreens.

With millions of Indians still using feature phones, it’s no surprise that this brainchild of San Diego startup KaiOS Technologies is already the second most popular mobile operating system in India after Android, capturing over 16% market share. iOS is second with 10% share, as per an August 2018 analysis by tech consulting firm Device Atlas.

The new category of handsets powered by KaiOS, which has partnered with Reliance Jio, requires limited memory while still offering a rich user experience through services like Google Assistant, Google Maps, YouTube, and Facebook, among others.

Faisal Kawoosa, founder, techARC, credits KaiOS with bringing about a paradigm shift in infotainment in India. “This (the feature phone platform) becomes the first exposure of mobile users to a digital platform. It is also helping the ecosystem and new users to digital services without much increase to the cost of the device,” he said.