Puny Code attacks review

Recently, An attack has occurred in Trend Micro Web Protection which take advantages of Punycode method which the vulnerability’s details can be seen as follow:

  • CVE assigned: CVE-2020-25779
  • Platform affected: macOS
  • CVSSv3 Score: 3.2
  • Rating for Severity: Low

For those who are not familiar with what is Punycode is, i will share the details on the method. Punycode is a method which International Domain Names will be represent within the limited character set that will be configured and supported via domain name system.

Another way of explaining the Puny Code is that every letter, character and number will have a unique binary number that only the computer that we used can process and understand them. It’s very similar to ASCII where it contains encoding standards for the character but it has a weakness which it doesn’t support language such as Greek.

How Puny Code attack work?

There are multiple ways for Puny Code attack to work like Homography attack method where the URL link will look exactly legitimate and hard to notice the difference between legit or fake website. The main purpose of the homography attack method is that the attacker will steal the information on the victims or worst infected the victim’s device.

This homography attack method can work because Unicode characters will look exactly the same as the original to the naked eye of people but in reality, it is a different web address that looks the same

Source: Punycode Phishing – Daily Security Byte

Source: Security Bulletin: Trend Micro Antivirus for Mac 2020 (Consumer) Bypass Web Threat Protection via Internationalized Domain Name Homograph Attack (Puny-code) Vulnerability

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *