
Weaponizing Unicode: Homographs Beyond IDNs

Conference: Defcon 26

2018-08-01

Summary

The presentation discusses ways to exploit vulnerabilities in search algorithms, plagiarism detection engines, and machine learning systems.
  • Using random homographs in text can make it difficult for search algorithms to find the text
  • Plagiarism detection engines can be bypassed by swapping in homographic characters
  • Consensus poisoning can be used to exploit vulnerabilities in machine learning systems
The presenter showed examples of how using random homographs in text can make it difficult for search algorithms to find the text, and how swapping in homographic characters can bypass plagiarism detection engines. They also discussed how consensus poisoning can be used to exploit vulnerabilities in machine learning systems.

Abstract

Most people are familiar with homograph attacks due to phishing or other attack campaigns using Internationalized Domain Names with look-alike characters. But homograph attacks exist against a wide variety of systems that have gotten far less attention. This talk discusses the use of homographs to attack machine learning systems, to submit malicious software patches, and to craft cryptographic canary traps and leak repudiation mechanisms. It then introduces a generalized defense strategy that should work against homograph attacks in any context.
