{"guid":"8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","title":"What you see is not what you get - when homographs attack","subtitle":null,"slug":"Camp2019-10258-what_you_see_is_not_what_you_get_-_when_homographs_attack","link":"https://fahrplan.events.ccc.de/camp/2019/Fahrplan/events/10258.html","description":"This talk offers a brief overview about homograph attacks, describes part of the mechanics behind the registration of homograph domains, highlights their risks and presents a chain of two practical exploits against Signal, Telegram and Tor Browser that could lead to nearly impossible to detect phishing scenarios and also situations where more powerful exploits could be used against an opsec-aware target.\n\nSince the introduction of Unicode in domain names (known as Internationalized Domain Names, or simply IDN) by ICANN\nover two decades ago, a series of brand new security implications were also brought into light together with the\npossibility of registering domain names using different alphabets and Unicode characters.\n\nThis talk offers a brief overview about homograph attacks, describes part of the mechanics behind the registration of homograph domains, highlights their risks and presents a chain of two practical exploits against Signal, Telegram and Tor Browser that could lead to nearly impossible to detect phishing scenarios and also situations where more powerful exploits could be used against an opsec-aware target.\n\nHistorical security issues related to Unicode and confusable homographs, as well as other attack vectors not discovered by the author will also be explored in this presentation.","original_language":"eng","persons":["Julio"],"tags":["camp19","10258","Security"],"view_count":375,"promoted":false,"date":"2019-08-23T00:00:00.000+02:00","release_date":"2019-08-24T02:00:00.000+02:00","updated_at":"2026-04-02T10:00:07.704+02:00","length":1764,"duration":1764,"thumb_url":"https://static.media.ccc.de/media/conferences/camp2019/10258-hd.jpg","poster_url":"https://static.media.ccc.de/media/conferences/camp2019/10258-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/conferences/camp2019/10258-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/conferences/camp2019/10258-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/Camp2019-10258-what_you_see_is_not_what_you_get_-_when_homographs_attack","url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_title":"Chaos Communication Camp 2019","conference_url":"https://api.media.ccc.de/public/conferences/camp2019","related":[{"event_id":7370,"event_guid":"7c043172-6fbe-4a23-a990-69c5bcab8f5d","weight":7},{"event_id":7373,"event_guid":"045e8a2c-63d0-4335-886e-cbd6323afc73","weight":7},{"event_id":7381,"event_guid":"e988c76b-3a47-46de-a2c7-77c49a5e731b","weight":21},{"event_id":7384,"event_guid":"8e743367-04a1-4232-ab03-a54fc210e548","weight":7},{"event_id":7385,"event_guid":"df91b683-2f32-4400-8043-b1d88aa0b454","weight":10},{"event_id":7389,"event_guid":"ed4b6c75-14f4-49fe-a11e-3762bd6b54e3","weight":7},{"event_id":7391,"event_guid":"823efec2-9c83-45d6-bec9-6a07db561cc2","weight":4},{"event_id":7392,"event_guid":"7d8aff66-f15e-4fdd-b5aa-af555f7a626f","weight":10},{"event_id":7393,"event_guid":"a9b096f5-3db7-4c83-af7c-289afa1d886c","weight":4},{"event_id":7396,"event_guid":"ffe2c816-e1d4-4457-8a2d-6c953cc3de17","weight":9},{"event_id":7397,"event_guid":"f650773d-d9df-4050-814c-a9505c439b30","weight":12},{"event_id":7401,"event_guid":"9e141f51-1fd3-482b-8af8-92f7f65653f7","weight":16},{"event_id":7405,"event_guid":"5337766f-3676-4a2a-b1f6-4bd66b4d71af","weight":18},{"event_id":7416,"event_guid":"f0730982-2990-418e-9b15-20a6b9e86dd2","weight":9},{"event_id":7417,"event_guid":"84c25f65-998a-43a8-bd32-2fe91fe42ff7","weight":7},{"event_id":7420,"event_guid":"260ac343-6ccd-4652-8667-adf4e6d5cdeb","weight":17},{"event_id":7425,"event_guid":"06bcc268-f0db-48dc-963d-d3d54c6769a8","weight":18},{"event_id":7448,"event_guid":"ca82c94e-28b1-4c77-b7c1-0ab024a46c25","weight":15},{"event_id":7451,"event_guid":"9f38e10d-39e2-4380-83bf-26626396e476","weight":15}],"recordings":[{"size":108,"length":1764,"mime_type":"video/mp4","language":"eng","filename":"camp19-10258-eng-What_you_see_is_not_what_you_get_-_when_homographs_attack.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-24T11:08:39.508+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10258-eng-What_you_see_is_not_what_you_get_-_when_homographs_attack.mp4","url":"https://api.media.ccc.de/public/recordings/37497","event_url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":108,"length":1764,"mime_type":"video/mp4","language":"deu","filename":"camp19-10258-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-24T11:08:44.205+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10258-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack.mp4","url":"https://api.media.ccc.de/public/recordings/37498","event_url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":183,"length":1764,"mime_type":"video/mp4","language":"eng-deu","filename":"camp19-10258-eng-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-24T11:08:49.699+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10258-eng-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack_hd.mp4","url":"https://api.media.ccc.de/public/recordings/37499","event_url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":26,"length":1753,"mime_type":"audio/mpeg","language":"eng","filename":"camp19-10258-eng-What_you_see_is_not_what_you_get_-_when_homographs_attack_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2019-08-24T11:09:34.781+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/mp3/camp19-10258-eng-What_you_see_is_not_what_you_get_-_when_homographs_attack_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/37501","event_url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":17,"length":1753,"mime_type":"audio/opus","language":"eng","filename":"camp19-10258-eng-What_you_see_is_not_what_you_get_-_when_homographs_attack_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2019-08-24T11:10:04.278+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/opus/camp19-10258-eng-What_you_see_is_not_what_you_get_-_when_homographs_attack_opus.opus","url":"https://api.media.ccc.de/public/recordings/37502","event_url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":89,"length":1764,"mime_type":"video/mp4","language":"eng-deu","filename":"camp19-10258-eng-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-08-24T11:11:51.371+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-sd/camp19-10258-eng-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack_sd.mp4","url":"https://api.media.ccc.de/public/recordings/37503","event_url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":107,"length":1764,"mime_type":"video/webm","language":"eng-deu","filename":"camp19-10258-eng-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-08-24T11:20:36.608+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/webm-sd/camp19-10258-eng-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/37505","event_url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":258,"length":1764,"mime_type":"video/webm","language":"eng-deu","filename":"camp19-10258-eng-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-24T12:01:41.386+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/webm-hd/camp19-10258-eng-deu-What_you_see_is_not_what_you_get_-_when_homographs_attack_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/37507","event_url":"https://api.media.ccc.de/public/events/8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"}]}