What is Bitsquatting Vulnerability?

Bitsquatting is similar to typosquatting, except it lacks the human factor. As unbelievable as it may sound, machines, like people, can commit errors. Bitsquatting occurs when a hacker takes advantage of a computer error, a one-bit (binary digit) error known as a bit flip, that happens while a device is trying to reach a nonmalicious website, and uses it to redirect the device to a website controlled by the hacker.

Bitsquatting occurs when a malicious hacker registers a domain name that is one bit different from the one that an unwary user intended to access, such as amczon.com (the letter “c” differs from the letter “a” by a single bit). When a victim visits the rogue website, the hacker in charge can disseminate malware, conduct cyber espionage, or phish for personal or commercial information from the victim.

According to Artem Dinaburg, a security researcher at cyber security firm Trail of Bits who discovered bitsquatting in 2011, bitsquatting is simply DNS hijacking without exploitation. He claims that the intricate nature of how bitsquatting works is a significant reason why it’s difficult to stop.

How can I protect my website against bitsquatting?

Bit errors while requesting domain names are unlikely to pose serious harm to your web application. However, if they are a concern for you, Subresource Integrity (SRI) can assist.

With SRI, you supply a hash of the resource you’re loading in an integrity attribute, such as this:

<script src="http://www.example.org/script.js"
    integrity="sha256-DEC+zvj7g7TQNHduXs2G7b0IyOcJCTTBhRRzjoGi4Y4="
    crossorigin="anonymous">
</script>

It no longer matters if the script is retrieved from a different site due to a bit error (or changed by an MITM), because your browser will refuse to run the script if the hash of its content does not match the integrity value. So, if a bit error or anything else caused the URL to resolve to the attacker-controlled dxample.org instead, the only script they could inject successfully would be one matching the hash (that is, the script you intended to load anyway).

The most common use for SRI is retrieving scripts and stylesheets from potentially untrustworthy CDNs, but it may be used in any circumstance where you want to confirm that the requested item has not been changed.
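The check described above, modeled in Node.js as an added example (not code from the original page): `sriHash`, `sriMatches`, `bitDistance` and the two script bodies are names and data constructed for illustration. It follows the SRI rule that only the strongest listed algorithm is checked and that an attribute with no usable hash is not enforced.

```javascript
// Added example (Node.js): models the SRI check a browser applies to a fetched script.
const crypto = require("node:crypto");

const STRENGTH = new Map([["sha256", 1], ["sha384", 2], ["sha512", 3]]); // SRI algorithms

// Build an integrity value, e.g. "sha384-<base64 digest>", for a resource body.
function sriHash(body, alg = "sha384") {
  return `${alg}-${crypto.createHash(alg).update(body).digest("base64")}`;
}

// Decide whether `body` may run under `integrity`. The attribute can list several
// hashes; only those using the strongest algorithm present are checked.
function sriMatches(body, integrity) {
  const hashes = integrity.trim().split(/\s+/).map((token) => {
    const dash = token.indexOf("-");
    return { alg: token.slice(0, dash), b64: token.slice(dash + 1).split("?")[0] };
  }).filter((h) => STRENGTH.has(h.alg));
  // No usable hash means the browser enforces nothing, so a typo in the
  // attribute silently disables the protection.
  if (hashes.length === 0) return true;
  const best = Math.max(...hashes.map((h) => STRENGTH.get(h.alg)));
  return hashes.filter((h) => STRENGTH.get(h.alg) === best).some((h) =>
    Buffer.from(h.b64, "base64").equals(crypto.createHash(h.alg).update(body).digest()));
}

// Number of differing bits between two equal-length hostnames (Infinity otherwise).
function bitDistance(a, b) {
  if (a.length !== b.length) return Infinity;
  let bits = 0;
  for (let i = 0; i < a.length; i++) {
    for (let x = a.charCodeAt(i) ^ b.charCodeAt(i); x; x >>= 1) bits += x & 1;
  }
  return bits;
}

// Constructed sample data: the intended script and what a look-alike host might serve.
const intended = "console.log('site analytics loaded');\n";
const substituted = "console.log('something else entirely');\n";
const integrity = sriHash(intended);

function demo() {
  return {
    flippedBits: bitDistance("example.org", "dxample.org"),
    intendedRuns: sriMatches(intended, integrity),
    substitutedRuns: sriMatches(substituted, integrity),
  };
}

console.log(demo());
```

Running `sriHash` over the exact bytes you deploy produces the value to paste into the `integrity` attribute; any later change to the file requires a new hash.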

The ZOFixer.com security scan helps to find this vulnerability in your software and server. You can easily use it by registering on our website and activating the 30-day trial.
