
A 'critical flaw' in Safari puts Apple users and their passwords at risk

SquareX researchers have discovered a vulnerability in Safari, the default web browser for Macs, iPhones, and iPads. According to them, the flaw exposes users to Browser-in-the-Middle (BitM) attacks. This technique displays an imitation of a legitimate web page in a full-screen browser window so that the deception is harder to spot. It first appeared in 2021 and has been wreaking havoc in recent years.

The Danger of Full-Screen Attacks

Once fooled, the user is asked to provide sensitive information, such as usernames and passwords, which the attacker collects immediately. In this case, the victim interacts with a window opened on a remote browser under the attacker's control: in practice, the user enters their credentials on the attacker's machine. They do not notice the deception because the login to the website succeeds, since the site really is open on the remote machine.

Typically, the attacker manipulates the target into clicking a malicious link that opens the booby-trapped page in the victim's browser. Such links are often placed in sponsored ads or fraudulent social media posts.

Using a full-screen page offers several advantages to the attacker. First, full-screen pages do not always show the URL, and the URL is usually the main clue that lets a user detect a scam. Second, full-screen display lets the attacker present a copy of the browser interface itself. The target therefore does not realize they are browsing a rigged website managed remotely by the attacker, rather than their own browser.

Why is Safari vulnerable?

SquareX believes Safari is particularly vulnerable to attacks of this kind. According to the researchers' report, Apple's browser does not properly warn users when a window enters full-screen mode. When the mode is enabled, no warning message appears on the screen; Apple simply displays an animation showing the browser stretching from one corner of the display to the other. The researchers state that Safari "displays virtually no visual indicators when users enter full-screen mode, which is a critical flaw." This lack "makes full-screen BitM attacks particularly stealthy and difficult to detect on Safari."

Unlike Safari, browsers such as Firefox, Microsoft Edge, and Chrome display an alert as soon as full-screen mode is activated. This alert reduces the risk that a user falls into the trap without realizing the browser has switched to full-screen mode. Although "this attack works on all browsers, it is particularly convincing on Safari, due to the lack of clear visual cues when full-screen mode is activated," SquareX summarizes.
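The visual cue the article says Safari lacks can be restored at the page level by a defender. The following is an added example, not code from SquareX or Apple, of a user script or extension content script that shows a fixed banner naming the page origin whenever the document enters full-screen and removes it when full-screen ends. It assumes the standard Fullscreen API plus Safari's older `webkit`-prefixed names, and takes the document as a parameter so the logic can be exercised with a stub outside a browser.

```javascript
// Page-level full-screen indicator (added example; not the browser's own UI).
// Listens for both the standard and the webkit-prefixed full-screen events,
// because Safari only exposed the prefixed forms before version 16.4.
const FULLSCREEN_EVENTS = ["fullscreenchange", "webkitfullscreenchange"];

function currentFullscreenElement(doc) {
  // Standard property first, then Safari's legacy prefixed property.
  return doc.fullscreenElement || doc.webkitFullscreenElement || null;
}

function makeBanner(doc, originText) {
  const el = doc.createElement("div");
  el.id = "fullscreen-indicator";
  el.textContent = "FULL-SCREEN MODE: you are viewing " + originText;
  // Inline styles with a maximal z-index so page CSS does not quietly hide it.
  el.setAttribute("style",
    "position:fixed;top:0;left:0;right:0;z-index:2147483647;" +
    "padding:6px;background:#b00020;color:#fff;font:14px sans-serif");
  return el;
}

// Installs the indicator on `doc` and returns its state plus a manual refresh.
function installFullscreenIndicator(doc, originText) {
  const state = { banner: null, active: false };
  const onChange = () => {
    const inFullscreen = currentFullscreenElement(doc) !== null;
    if (inFullscreen && !state.banner) {
      state.banner = makeBanner(doc, originText);
      doc.body.appendChild(state.banner);
    } else if (!inFullscreen && state.banner) {
      state.banner.remove();
      state.banner = null;
    }
    state.active = inFullscreen;
  };
  for (const name of FULLSCREEN_EVENTS) doc.addEventListener(name, onChange);
  onChange(); // reflect whatever state the page is already in
  return { state, refresh: onChange };
}

// In a real browser, install against the live document and show the origin.
if (typeof document !== "undefined") {
  installFullscreenIndicator(document, location.origin);
}
```

A banner injected into the page DOM can be removed by the page's own scripts, so this only raises the bar; a robust indicator has to live in browser chrome or in extension UI outside the page, which is exactly the fix the researchers are asking Apple for.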

Contacted by SquareX, Apple sees no reason to change how Safari works. The Californian firm considers the animation sufficient to warn users that full-screen mode is activated.

Source: SquareX
