Circumventing security toolbars and phishing filters via rogue wireless access points

摘要

One of the solutions that has been widely used by naive users to protect against phishing attacks is security toolbars or phishing filters in web browsers. The present study proposes a new attack to bypass security toolbars and phishing filters via local DNS poisoning without the need of an infection vector. A rogue wireless access point (AP) is set up, poisoned DNS cache entries are used to forge the results provided to security toolbars, and thus misleading information is displayed to the victim. Although there are several studies that demonstrate DNS poisoning attacks, none to our best knowledge investigate whether such attacks can circumvent security toolbars or phishing filters. Five well-known security toolbars and three reputable browser built-in phishing filters are scrutinized, and none of them detect the attack. So ineptly, security toolbars provide the victim with false confirmative indicators that the phishing site is legitimate.