Recently, An attack has occurred in Trend Micro Web Protection which take advantages of Punycode method which the vulnerability’s details can be seen as follow:
- CVE assigned: CVE-2020-25779
- Platform affected: macOS
- CVSSv3 Score: 3.2
- Rating for Severity: Low
For those who are not familiar with what is Punycode is, i will share the details on the method. Punycode is a method which International Domain Names will be represent within the limited character set that will be configured and supported via domain name system.
Another way of explaining the Puny Code is that every letter, character and number will have a unique binary number that only the computer that we used can process and understand them. It’s very similar to ASCII where it contains encoding standards for the character but it has a weakness which it doesn’t support language such as Greek.
How Puny Code attack work?
There are multiple ways for Puny Code attack to work like Homography attack method where the URL link will look exactly legitimate and hard to notice the difference between legit or fake website. The main purpose of the homography attack method is that the attacker will steal the information on the victims or worst infected the victim’s device.
This homography attack method can work because Unicode characters will look exactly the same as the original to the naked eye of people but in reality, it is a different web address that looks the same