Monday, December 13, 2010

Linkedin ViewLink and ViewArticle mechanism opens new kind of Phishing attacks

In this post I'll explain how it's possible to execute Phishing attacks on LinkedIn users while the attacked users will see in the address bar the LinkedIn.com domain.


LinkedIn users allowed to attach links to their posts in LinkedIn website.


User that will click on these links will open the links using the LinkedIn ViewLink mechanism that will open the link in a iFrame.


Attackers can upload a regular LinkedIn phishing page and abuse this ViewLink mechanism and fool users and steal their passwords, all they need to is to attach a link to this phishing page in their posts.


We did this POC (proof of concept) today, here is what I got:
Step1:

Step2:

Step3:
 

So now the poor users need not just to verify the domain on the address bar, they also need to verify they are not entering their credentials on ViewLink or on ViewArticle pages.

Posted by at
Reactions: 

1 comment:

  1. This is perhaps specially interesting since LinkedIn is currently sending out loads of emails to potential victims of the Gawker hack:

    http://www.breaknenter.org/2010/12/gawker-hacked-linkedin-responds-promptly/

    These emails closely resemble SPAM emails. In other words, if you want to perform a phishing-attack against LinkedIn, now you have the perfect shroud to hide in by spoofing these emails and using the attack above.

    ReplyDelete

Subscribe to: Post Comments (Atom)