Soundsquatting: Uncovering the Use of Homophones in Domain Squatting

  • Conference paper
Information Security (ISC 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8783)

Abstract

In this paper we present soundsquatting, a previously unreported type of domain squatting which we uncovered during analysis of cybersquatting domains. In soundsquatting, an attacker takes advantage of homophones, i.e., words that sound alike, and registers homophone-including variants of popular domain names. We explain why soundsquatting is different from existing domain-squatting attacks, and describe a tool for the automatic generation of soundsquatting domains. Using our tool, we discover that attackers are already aware of the principles of soundsquatting and are monetizing them in various unethical and illegal ways. In addition, we register our own soundsquatting domains and study the population of users who reach our monitors, recording a monthly average of more than 1,700 non-bot page requests. Lastly, we show how sound-dependent users are particularly vulnerable to soundsquatting through the abuse of text-to-speech software.
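An added example, not code from the paper or its authors: a defender-side check that flags observed domains (for instance from a newly-registered-domain feed) that differ from a protected domain only by a homophone substitution. The homophone sets, the `.example` names, and the single-substitution, substring-matching approach are assumptions made for illustration; the paper's own generation tool is not shown on this page.

```python
# Constructed sample homophone sets (illustrative, not the paper's word list).
HOMOPHONE_SETS = [
    {"weather", "whether"},
    {"ate", "eight"},
    {"for", "four", "fore"},
    {"guest", "guessed"},
    {"bye", "buy", "by"},
]
# word -> the other words that sound the same
HOMOPHONES = {w: sorted(s - {w}) for s in HOMOPHONE_SETS for w in s}


def split_domain(domain):
    """Return (registrable label, TLD). Assumes a single-label public suffix."""
    parts = domain.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def homophone_variants(label):
    """Labels obtained by replacing one embedded word with a homophone."""
    variants = set()
    for word, alternatives in HOMOPHONES.items():
        start = label.find(word)
        while start != -1:  # visit every occurrence of the word in the label
            for alt in alternatives:
                variants.add(label[:start] + alt + label[start + len(word):])
            start = label.find(word, start + 1)
    variants.discard(label)
    return variants


def flag_soundsquats(protected, observed):
    """Map each observed name to the protected domain it sounds like."""
    index = {}
    for domain in protected:
        label, tld = split_domain(domain)
        for variant in homophone_variants(label):
            index[f"{variant}.{tld}"] = domain
    hits = {}
    for name in observed:
        label, tld = split_domain(name)
        key = f"{label}.{tld}"
        if key in index and key not in protected:
            hits[name] = index[key]
    return hits


# Constructed sample data under the reserved .example TLD.
PROTECTED = ["weatherguide.example", "buyfourless.example"]
OBSERVED = ["whetherguide.example", "wetherguide.example",
            "www.buyforless.example", "weatherguide.example", "news.example"]
```

Substring matching over-generates (a homophone word can match inside a longer word), which is acceptable for a watchlist because a variant only matters once it shows up in the observed feed. The plain typo `wetherguide.example` is not flagged here; that is a job for an edit-distance check.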

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Nikiforakis, N., Balduzzi, M., Desmet, L., Piessens, F., Joosen, W. (2014). Soundsquatting: Uncovering the Use of Homophones in Domain Squatting. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds) Information Security. ISC 2014. Lecture Notes in Computer Science, vol 8783. Springer, Cham. https://doi.org/10.1007/978-3-319-13257-0_17

  • DOI: https://doi.org/10.1007/978-3-319-13257-0_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13256-3

  • Online ISBN: 978-3-319-13257-0

  • eBook Packages: Computer Science, Computer Science (R0)
