[Openid-specs-mobile-profile] Phishing

Petteri Stenius Petteri.Stenius at ubisecure.com
Thu Jan 24 08:25:07 UTC 2019


Hi all,

I think a partial mitigation to this kind of MITM-proxy attack is to recommend that the authentication device presents more context information to the end user, in addition to the binding message alone.

For example, if the device displays the IP address of the user agent, or preferably the location resolved from that IP address, then the user has more hints to suspect something phishy is going on, like this:

"Sign-in request W4SCT from Helsinki, Finland to https://client.example.org. Accept or Reject?"

If there is a proxy phishing attack going on, then the IP address and location are those of the proxy.

To make this possible with CIBA we need to complete issue #91:
https://bitbucket.org/openid/mobile/issues/91/ciba-authentication-request-and-context

Petteri

-----Original Message-----
From: Openid-specs-mobile-profile <openid-specs-mobile-profile-bounces at lists.openid.net> On Behalf Of John Bradley
Sent: Tuesday, 22 January 2019 18:02
To: openid-specs-mobile-profile at lists.openid.net
Subject: [Openid-specs-mobile-profile] Phishing

Tools:

https://github.com/kgretzky/evilginx2

https://github.com/drk1wi/Modlishka


Blogs

https://blog.malwarebytes.com/cybercrime/2019/01/two-factor-authentication-defeated-spotlight-2fas-latest-challenge/

https://blog.certfa.com/posts/the-return-of-the-charming-kitten/

https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/

https://cpj.org/2019/01/cpj-safety-advisory-sophisticated-phishing-attacks.php

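The device-side prompt Petteri proposes, as an added example that is not code from this thread or from the CIBA specification. It assumes a hypothetical `user_agent_ip` request parameter standing in for the context data issue #91 would add, plus constructed GeoIP and client-registry tables; it also goes one step further than the mail by flagging an origin that differs from the device's own network.

```python
# Constructed sample data; a real authentication device would use a GeoIP
# service and the OP's client registry instead of these dictionaries.
GEO_TABLE = {
    "203.0.113.10": "Helsinki, Finland",
    "198.51.100.7": "Frankfurt, Germany",
}
CLIENT_REGISTRY = {"s6BhdRkqt3": "https://client.example.org"}

def resolve_location(ip: str) -> str:
    """Map the user agent's IP to a human-readable location (falls back to the raw IP)."""
    return GEO_TABLE.get(ip, f"an unknown location ({ip})")

def build_ciba_request(client_id: str, login_hint: str,
                       binding_message: str, user_agent_ip: str) -> dict:
    """Parameters of a CIBA backchannel authentication request.

    scope, client_id, login_hint and binding_message are standard CIBA
    parameters; user_agent_ip is a hypothetical context parameter of the
    kind issue #91 would add, carrying the address the client saw the
    sign-in come from (under a MITM proxy that is the proxy's address).
    """
    if not (1 <= len(binding_message) <= 20 and binding_message.isprintable()):
        raise ValueError("binding_message must be short, printable text")
    return {"scope": "openid", "client_id": client_id, "login_hint": login_hint,
            "binding_message": binding_message, "user_agent_ip": user_agent_ip}

def render_prompt(request: dict) -> str:
    """Text the authentication device shows: binding message plus origin context."""
    client_uri = CLIENT_REGISTRY.get(request["client_id"], request["client_id"])
    location = resolve_location(request["user_agent_ip"])
    return (f"Sign-in request {request['binding_message']} from {location} "
            f"to {client_uri}. Accept or Reject?")

def origin_mismatch(request: dict, device_public_ip: str) -> bool:
    """True when the sign-in did not originate from the device's own network.

    When the user signs in from the same network as the authentication
    device, a different origin address means something sat in between,
    so the device can warn before the user taps Accept.
    """
    return request["user_agent_ip"] != device_public_ip

if __name__ == "__main__":
    req = build_ciba_request("s6BhdRkqt3", "user@example.org", "W4SCT", "203.0.113.10")
    print(render_prompt(req))
    print("origin mismatch:", origin_mismatch(req, "198.51.100.7"))
```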