loader gif

Research: Mobile Chrome, Safari, and Firefox failed to show phishing warnings for more than a year

Research: Mobile Chrome, Safari, and Firefox failed to show phishing warnings for more than a year (Innovation and Research)

For more than a year, mobile browsers like Google Chrome, Firefox, and Safari failed to show any phishing warnings to users, according to a research paper published this week. Instead, they focused on deploying phishing pages with "cloaking techniques" aimed at tricking URL blacklist technologies and then recording the time it took for these "cloaked" phishing pages to land on lists of "dangerous sites" -- or if they landed at all. Further, the research team's phishing pages also used six (actually five) cloaking techniques researchers said they've seen used by phishing kits in the real-world: Results varied per URL blacklists and cloaking technique [check graphs at the end of the research paper], but the thing that stood out during their research was that cloaks A, E, and F had zero detections on mobile browsers that were using Google's Safe Browsing URL blacklist. [Cloak A was effectively a "no cloak," meaning that Safe Browsing was not alerting users about any phishing pages, even if they used cloaking technologies or not -- effectively not working at all].

loader gif