
Observation of internationalized domain names and the letter K

Many people use, or have at least heard of, internationalized domain names (IDN): domain names made up of characters from a national alphabet, for example тест.рф. Many also know that Latin and Cyrillic contain visually similar characters: Latin “a” and Cyrillic “а” look the same but have different code points, i.e. !“a”.equals(“а”). This article focuses on domain names that look very similar because of a single letter K. Attackers could take advantage of this similarity in the future, so to help avoid that I want to share one of my observations about internationalized domain names.

An IDN can be displayed in Unicode or in Punycode. In Punycode the domain looks something like this: xn--e1aybc.xn--p1ai, and in Unicode it is тест.рф.

As mentioned above, there are similar characters in Latin and Cyrillic, so the two domains twitter.com and twitter.com look the same in the unicode encoding. As you guessed, one of the domains contains the Latin “e”, and the other Cyrillic “e”. To avoid such colises, there are tables of national alphabets that contain valid characters for domain registration. Thanks to these tables, if the domain contains Cyrillic, then it can no longer contain the Latin alphabet. Thus, you will not be able to register another twitter.


More information about the tables and the IDN naming rules can be found at the following links:


While reading about IDN at one of these links, I found an interesting character: Κʻ / ĸ (U+0138, Kra). Note that in its capital form it looks like the Latin “k” or the Cyrillic “к”. And do you know what is most interesting? This character can be used in combination with the Latin alphabet. That is, you can register another vĸ.com or sĸype.com, or rather, you could.
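Because ĸ is itself a Latin-script letter, a mixed-script check does not catch it; comparing a look-alike "skeleton" against a list of protected names does. The following is an added example, not code from the original article: the `CONFUSABLES` map and the `PROTECTED` watch list are small constructed assumptions, and the script of a letter is approximated from the first word of its Unicode name.

```python
import unicodedata

# Constructed, deliberately tiny look-alike map (assumption: a real check
# would load the full Unicode confusables data instead).
CONFUSABLES = {"\u0138": "k", "\u043a": "k", "\u0430": "a", "\u0435": "e"}
# Hypothetical watch list of names to protect.
PROTECTED = {"vk.com", "skype.com", "twitter.com"}

def to_unicode(domain):
    """Decode every xn-- label with the punycode codec; keep the others."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Rough script of each letter: first word of its Unicode name."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def check(domain):
    uni = to_unicode(domain)
    # True when a single label mixes letters from more than one script.
    mixed = any(len(scripts(label)) > 1 for label in uni.split("."))
    # Map look-alike characters to ASCII and compare with the watch list.
    skel = "".join(CONFUSABLES.get(ch, ch) for ch in uni)
    lookalike = skel if skel in PROTECTED and skel != uni else None
    return {"unicode": uni, "mixed_script": mixed, "lookalike_of": lookalike}

if __name__ == "__main__":
    # Sample names: the article's Punycode example plus constructed look-alikes.
    for name in ("xn--e1aybc.xn--p1ai", "v\u0138.com", "s\u0138ype.com",
                 "twitt\u0435r.com", "vk.com"):
        print(name, check(name))
```

The Cyrillic-for-Latin swap is reported as mixed-script, while the kra names are not and are caught only by the skeleton comparison.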



As a PoC, I registered a couple of such domain names, for example vĸ.com. Browsers display such a domain differently in the address bar.

Chrome shows it in Punycode:



But Firefox (and likewise Safari) shows it in Unicode:



This may confuse the user. Some services, such as Twitter, show such a domain in Unicode, so an attacker could potentially take advantage of this and use a phishing link:



Skype does the same:



Thus, there is a threat of domain names being used with the letter “k” replaced by “ĸ”, and it seems to me that this character should be removed from the table of Latin characters and should not be allowed in domain name registration. Two weeks ago I sent my observation to iana-questions@iana.org (as I understand it, this organization deals with IDN). However, apart from a ticket number (887309), I received nothing in response. I decided to publish my observation to hear the opinion of a larger number of specialists: either I am badly mistaken in my observation, or it really does need to be acted on.

Source: https://habr.com/ru/post/279113/

