Fairly recenty, a new and straightforward phishing scam vulnerability was discovered that affected Google Chrome’s internet browsing software for mobiles. This is according to a developer named Jim Fiasher, who posted information about the security issue on his own blog.
Fisher named the scam the ‘inception bar’, which specifically targets those using Android mobile phones. This malicious software utilises a fake address bar in the browser — not only does the fake bar show the name of what seems to be a legitimate website, it also displays a false SSL certificate badge.
These SSL Certificates are markers of a trustworthy website, indicating that the page is safe. So it’s worringly that an exploit has been found capable of spoofing a certificate.
Normally, when you scroll down a website using the Google Chrome browser on Android, your address bar disappears. Then, when you scroll up again, it comes back. However, the software vulnerability traps users in something he called a ‘scroll jail’ being unable to scroll back up the page.
It can then display this ‘inception bar’, so-called because it’s essentially a page within a page, with a phony bar that can be forced to show anything. This developer was able to make it display the URL for his bank.
Rather than being an active phishing scam, this is a vulnerability that has been exposed by this developer. It shows that cyber criminals could potentially employ the same tactics to steal card information and personal information from people who might think they’re using legitimate websites.
At the moment, there’s no known fix for the vulnerability, and we’ve not been made aware of any plans to stop those who might wish to use this software vulnerability maliciously.
If you need any more tips and advice on using your Android smartphone and how to keep safe, then get in touch with WiseGuys on 0808 123 2820.