ASA-2019-00155 – Telegram: Internationalized domain name (IDN) homograph attacks

Telegram (tested on all mobile versions and Linux and Windows for desktop) is vulnerable to an IDN homograph attack when displaying messages containing URLs. Homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website when in fact they are directed to a different, but homograph, domain name. This type of vulnerability can be used to weaponize social engineering, increasing the chances for a successful attack.

ASA-2019-00154 – Signal Private Messenger: Internationalized domain name (IDN) homograph attacks

Signal Desktop and Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. Homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website when in fact they are directed to a different, but homograph, domain name. This type of vulnerability can be used to weaponize social engineering, significantly increasing the chances for a successful attack.