Homoglyph Attacks


Homoglyphs are characters that love each other very much look strikingly similar to each other.

Can you quickly tell the difference between these two - O0? That's The capital letter "o" and the number 0. How about Il1|? Depending on the font used - and your attention to detail, it may be hard to spot the difference between all three.

The sites homoglyphs.net and IronGeek are great resources for creating text which uses similar looking - but not identical - characters.

Τһⅰѕ text may loоk likе ⅰt ⅽоntаins nοrⅿal Engⅼіsһ ϲһarаϲterѕ ‐ but іt ⅾoeѕ nоt.

Іt's fairly оbvious in the above that something fishу is going on‚ but in this sentence it's more ѕubtle.

What Can Be Done With This

You'll often find spammers using homoglyphs in an attempt to evade filters - it's not uncommon to see subject lines touting cut price "νⅰagrа" - easy for a human to read, hard for a computer to check against a "banned words" list.

It's possible to create silly little pranks like this:
Cameron Integrity-fs8

Finally, fraudsters can take advantage of these character to create domains like "paypal.com" and similar.

Defending

There are three main defences against this.

  1. Use a font which easily disambiguates between homoglyphs.
  2. Be vigilant! Look out for weird spacing and odd looking characters.
  3. Website owners should detect "unusual" characters and either refuse to display them, or ensure that they are displayed in a visually distinct style.

For sites primarily in English, it's relatively easy to spot non ASCII characters - but for those sites which require Unicode it's much more difficult and is the subject of much academic research.

Stay safe out there!

Leave a Reply

Your email address will not be published. Required fields are marked *