Image credit: AP Photo/Mark Lennihan

Chrome exploit uses a fake address bar for phishing attacks

You might not realize you're on a bogus site despite your best efforts.
Cyberattackers don't need to find obscure technical flaws to launch phishing attacks -- they might just need a screen capture and some clever web coding. Developer James Fisher has found a relatively simple exploit in Chrome for mobile that takes advantage of how the app displays the address bar. When you scroll down from the top of a page, the approach displays a fake address bar that won't disappear until you visit another site. The attacker can even craft the page to prevent you from seeing the real address bar when you scroll up.

Fisher's approach is focused on Chrome and is only a proof of concept for now, but it could theoretically display fake address bars for a variety of browsers and even include interactive elements. In other words, a phishing campaign could produce a convincing site beyond just the content of the page. You'd have to pay attention to the starting address to know what's happening, and not everyone will catch that irregularity.

We've asked Google for comment. It's not clear how many phishers will use techniques like this. There is a way to double-check, though. The 9to5Google team noted that you can force the real address bar to show by locking and then unlocking your phone again. The exploit isn't bulletproof as a result, but many people won't know to try this and might be fooled anyway.
