A study carried out by Rapid7 Inc has found serious security vulnerabilities in the mobile browsers that could allow hackers to fake any web portal address direct from the address bar. Also, the research has confirmed that vulnerabilities do exist in multiple mobile browsers that include some big names such as Yandex, Appleās Safari, Opera Touch/Mini, Bolt Browser, RITS Browser, and UC Browser.
Tod Beardsley, the lead researcher at Rapid7 Inc, stated that the security flaw can turn serious to those using iOS devices as Safari comes as a default browser on the said devices and Opera is being used by many low end smart phone users.
āHackers can easily exploit susceptibility in the browser and then fake an URL address for a webpage, making users enter crucial credentials on the website unknown of the cyber scamā, said Tod.
He added that desktop browsers are filled with many security aspects and so adding spoofed websites on them will not be a simple task for cyber criminals. Whereas, in mobile browsers there is no mechanism such as a pop-up message to validate that the website is really from a bank, healthcare provider or of social media.
JavaScript Shenanigans are being used by the threat actors where they induce malicious websites as JavaScript codes to present a fake URL to the mobile browser user in the address bar.
āOften people get many notifications when they buy something through web and clicking on such notification links can prove fatal,ā, said Hank Schless, the Senior Manager at Lookout Inc.
And as the screen is small to scan down the website addresses, hackers are seen adding special characters or numbers in the address bar which often go unnoticed, pushing the online user deeper into a cyber scam added Schless.
