Clickjacking Revisited: A Perceptual View of UI Security
Authors
Abstract
Warren He presented his work on new forms of clickjacking attacks; this was joint work with some of his fellow researchers at UC Berkeley. Their team frames clickjacking as fundamentally an attack on a user’s perception; all five of their new attacks work by manipulating or diverting a user’s attention from security UI events that would otherwise alert the user to the clickjacking attack. He argued that their perceptual attacks defeat many existing clickjacking defenses, including the new W3C UI defense, which requires cross-origin elements to be visible for a short amount of time before a UI event can interact with the element. However, their attack model does not include breaking X-Frame-Options because X-Frame-Options cannot be used for third-party mashup applications, such as the Facebook Like Button, that are embedded on many popular Web sites.
Similar resources
Clickjacking: Attacks and Defenses
Clickjacking attacks are an emerging threat on the web. In this paper, we design new clickjacking attack variants using existing techniques and demonstrate that existing clickjacking defenses are insufficient. Our attacks show that clickjacking can cause severe damages, including compromising a user’s private webcam, email or other private data, and web surfing anonymity. We observe the root ca...
Android UI Deception Revisited: Attacks and Defenses
App-based deception attacks are increasingly a problem on mobile devices and they are used to steal passwords, credit card numbers, text messages, etc. Current versions of Android are susceptible to these attacks. Recently, Bianchi et al. proposed a novel solution “What the App is That” that included a host-based system to identify apps to users via a security indicator and help assure them tha...
On the Fragility and Limitations of Current Browser-Provided Clickjacking Protection Schemes
An important and timely attack technique on the Web is Clickjacking (also called UI redressing), in which an attacker tricks the unsuspicious victim into clicking on a specific element without his explicit knowledge about where he is actually clicking. In order to protect their websites from being exploitable, many web masters deployed different countermeasures to this kind of attack. In this p...
A Trusted UI for the Mobile Web
Modern mobile devices come with first class web browsers that rival their desktop counterparts in power and popularity. However, recent publications point out that mobile browsers are particularly susceptible to attacks on web authentication, such as phishing or clickjacking. We analyze those attacks and find that existing countermeasures from desktop computers cannot be easily transferred to t...
Web Browser Security: Different Attacks Detection and Prevention Techniques
In this paper, we present a systematic study of how to make a browser secure. A web browser is vulnerable to different attacks; these attacks are performed due to vulnerabilities in the UI of the web page, browser cache memory, extensions, and plug-ins. The attacker can run malicious JavaScript to exploit the user's system by using these vulnerabilities. Buffer overflow attack, Cross-site-scripting, Man-in-...
Publication date: 2014