[Openid-specs-mobile-profile] Phishing
Petteri Stenius
Petteri.Stenius at ubisecure.com
Thu Jan 24 08:25:07 UTC 2019
Hi all,
I think a partial mitigation to this kind of MITM-proxy attack is to recommend that the authentication device presents more context information to the end user, in addition to the binding message only.
For example, if the device displays the IP address of the user agent, or preferably the location resolved from the IP address, then the user has more hints to suspect something phishy is going on, like this:
"Sign-in request W4SCT from Helsinki, Finland to https://client.example.org. Accept or Reject?"
If there is a proxy phishing attack going on, then the IP address and location are those of the proxy.
To make this possible with CIBA, we need to complete issue #91:
https://bitbucket.org/openid/mobile/issues/91/ciba-authentication-request-and-context
Petteri
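As an added illustration of the mitigation proposed above (example code, not part of the thread or of the CIBA specification): the authentication device renders the binding message together with the user-agent location, and, going one step beyond the message, compares that location with the device's own network context as a hint that a proxy may be relaying the request. The `user_agent_ip` context field and the geolocation table are assumptions.

```python
# Added example, not from the mailing-list thread or the CIBA spec.
# Assumes the OP can pass the user agent's IP to the authentication device
# (the "context" discussed in issue #91); the geolocation table is constructed.
import ipaddress
from dataclasses import dataclass

# Constructed offline lookup standing in for an IP geolocation service.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "Helsinki, Finland",
    ipaddress.ip_network("198.51.100.0/24"): "Frankfurt, Germany",
}

def resolve_location(ip: str) -> str:
    """Map an IP address to a coarse location via the constructed table."""
    addr = ipaddress.ip_address(ip)
    for net, place in GEO_TABLE.items():
        if addr in net:
            return place
    return "unknown location"

@dataclass
class PendingAuth:
    binding_message: str   # CIBA binding_message, e.g. "W4SCT"
    client_name: str       # client the request was made for
    user_agent_ip: str     # hypothetical context: IP the OP saw on the user-agent side

def render_prompt(req: PendingAuth) -> str:
    """Text shown on the authentication device before Accept/Reject."""
    where = resolve_location(req.user_agent_ip)
    return (f"Sign-in request {req.binding_message} from {where} "
            f"({req.user_agent_ip}) to {req.client_name}. Accept or Reject?")

def context_mismatch(req: PendingAuth, device_ip: str) -> bool:
    """Heuristic hint (an extension of the message's idea): if the device's own
    IP resolves to a different location than the user agent the OP saw, the
    request may have been relayed through a phishing proxy."""
    return resolve_location(req.user_agent_ip) != resolve_location(device_ip)

if __name__ == "__main__":
    device_ip = "203.0.113.20"            # the user's phone, in Helsinki
    legit = PendingAuth("W4SCT", "https://client.example.org", "203.0.113.10")
    # With a proxy, the OP sees the proxy's address, not the victim's.
    proxied = PendingAuth("W4SCT", "https://client.example.org", "198.51.100.7")
    for req in (legit, proxied):
        print(render_prompt(req), "| mismatch:", context_mismatch(req, device_ip))
```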
-----Original Message-----
From: Openid-specs-mobile-profile <openid-specs-mobile-profile-bounces at lists.openid.net> On Behalf Of John Bradley
Sent: Tuesday 22 January 2019 18.02
To: openid-specs-mobile-profile at lists.openid.net
Subject: [Openid-specs-mobile-profile] Phishing
Tools:
https://github.com/kgretzky/evilginx2
https://github.com/drk1wi/Modlishka
Blogs:
https://blog.malwarebytes.com/cybercrime/2019/01/two-factor-authentication-defeated-spotlight-2fas-latest-challenge/
https://blog.certfa.com/posts/the-return-of-the-charming-kitten/
https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/
https://cpj.org/2019/01/cpj-safety-advisory-sophisticated-phishing-attacks.php