The Major Security Issues with Shortening URLs

Shortened URLs can pose several major security risks if the user isn’t weary of them nor know how to spot a contaminated link. How do these pose a risk to unsuspecting users? First, they don’t offer any description of the link you’re going to. Usually, URLs contain the main website and perhaps the article or sub-page you’re being directed to go to. This can be easy for phishing and malware sites to be entered unexpectedly. Cases of this has emerged, such as when researchers found that shortened URLs that redirected a user to websites such as Facebook and Twitter infected computers with malware and sent users to a phishing site; a site that mimics the look of another but is solely used to steal one’s information. In 2014, a shortened goo.gl URL was sent out by mass via email as a “ACH” notification and just redirected people to a site that automatically downloads a malware infected file. Albeit, this isn’t directly short URLs fault, this is malware and spyware, but short URLs are being taken advantage of to send users to sites which contain contaminated files.

Another security risk could be brute-forcing shortened URLs. Essentially, because there is only a limited amount of combinations for short URLs, one with an extremely powerful set of computers with top range CPUs could create a piece of code that could search all the combinations of possible shortened URLs, revealing private files and information kept on cloud platforms, services such as OneDrive, a cloud based file uploaded, uses shortened URLs with only six characters. One could easy use all the combinations with powerful CPUs, download the files and then shift through them looking for private information.

There is low risk if the security of the shortened URL service can detect this and block overloading of the server from one internet connection. If you want a shortened URL with great security and no fuss, use toroox.

Leave a Comment