How to Block Address Bar Spoofing Attacks in Your Mobile Browser
At Lifehacker, we write a lot about web browsers – so much that I feel like talking about the latest features in Chrome, Firefox, Edge or Safari is a weekly conversation between you and me. I admit, even I get a little tired, but it’s important that we keep in touch because having a browser with the latest features – and security fixes – is good for your digital life.
Honestly, I don’t give a damn if you will use any new features that your browser developer deploys from time to time – if you are okay with surfing the web as it is and you no longer need the bells and whistles to distract you from your daily online habits, that’s fine. Never think that you need to do more if you don’t want to.
But don’t take my suggestion as a sign that you should ignore when your browser developer releases a new version. Because this update isn’t just about features. They will also contain various internal fixes for cryptic bugs and security vulnerabilities. And that’s what you’ll want on the day they are released because they will help you navigate the web more safely.
Case in point: There is a lot of research underway on how some browsers, including mobile versions of Opera and Safari, are or have been vulnerable to some “JavaScript fraud” that a website can use to spoof its actual URL. in the address bar of your browser. As Rapid7 Research Director Tod Beardsley recently wrote in a blog post:
“In all cases, the victim will have to visit a website where the attacker can host executable javascript. This usually does not include sites like Facebook, Reddit, Twitter, or other online forums (they do a pretty good job of protecting against the aforementioned Javascript scams), but does include a website created by the attacker and sent to the victim via a phishing email, text phishing message, or post on a popular forum. So, for example, imagine a text message from a fake phone number that says “Received an important message from your payment processor, click here,” and then you click without looking and end up on a web page that is clearly (but falsely) says it’s Paypal, but can you quickly give up your password? “
Sounds scary, right? Well, the good news is that the major browsers affected by this issue, namely Safari and Opera Mini / Touch, were already fixed before Beardsley released his report. For third-party browsers that you’ve downloaded, like Opera, this means that all you have to do is update them regularly via the Apple App Store or Google Play Store.
That’s all! Just keep updating your apps. Never stop updating your apps.
For Safari in particular, you need to make sure that you always use the latest iOS version that you can get, as Apple does not update the browser through its App Store as you might expect. Instead, Apple is pushing browser updates through system updates, which can be in the form of an iOS major release (iOS 13> iOS 14) or an incremental release (such as iOS 14.0.1).
While most modern iPhones should update to newer iOS versions automatically, you can check if this setting is enabled and update your device manually if applicable. Just go to Settings> General> Software Update . It’s that easy and you don’t need to waste your time. Again, it’s perfectly normal not to care about the functionality of a new browser version, or even a new version of an operating system. Update your apps and operating system to keep yourself as safe as possible. In fact, everything is simple.