Experts have found
a method that allowed attackers to create plausible phishing messages in iMessage, WhatsApp, Signal and other messengers over the past three years.
The attacks used vulnerabilities related to the rendering error. This led to the fact that URLs with Unicode RTLO characters were displayed incorrectly in applications, which allowed for URL substitution attacks.
When you insert an RTLO character into a string, the browser or messaging application displays the string from right to left, rather than its usual left-to-right orientation. This symbol is mainly used to display messages in Arabic or Hebrew.
For example, the URL “gepj.xyz” will be displayed as a harmless JPEG image file “zyx.jpeg “, and created “kpa.li ” will be displayed as the APK file “li.apk”, etc.
Instagram Facebook Messenger and Signal security issues can be used for phishing attacks, allowing you to create plausible fakes in messages sent to users in WhatsApp, iMessage, Instagram, Facebook Messenger and Signal, making them look like legitimate and reliable subdomains. apple.com or google.com .
The developers of some messaging apps have already promised to release a corresponding patch.