Communications of the ACM
Mobile Flaw Could Cloak Clicks
Credit: Technology Review
Stanford University researchers have found that mobile websites are extremely vulnerable to attacks from malicious sites using a technique known as tapjacking, which tracks users' clicks as a way to steal passwords and other data. Smartphones are more vulnerable to tapjacking because it is hard to tell which sites are secure, since an attacker can "draw anything he wants on the screen, and the user cannot tell what's real and what is from the attacker," says Stanford postdoctoral fellow Elie Bursztein.
"People buy things on their phone, they use Facebook and Twitter, and soon enough they will be doing banking on the phone," Bursztein says.
The researchers recommend using frame-busting code to prevent a website from creating an invisible frame to display another page. "Mobile website security should be taken as seriously as nonmobile website security—otherwise, bad things can happen," Bursztein warns.
From Technology Review
View Full Article
Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA 
No entries found