Sign In

Communications of the ACM

ACM TechNews

Mobile Flaw Could Cloak Clicks

View as: Print Mobile App Share:
iPhone tweet

Credit: Technology Review

Stanford University researchers have found that mobile websites are extremely vulnerable to attacks from malicious sites using a technique known as tapjacking, which tracks users' clicks as a way to steal passwords and other data. Smartphones are more vulnerable to tapjacking because it is hard to tell which sites are secure, since an attacker can "draw anything he wants on the screen, and the user cannot tell what's real and what is from the attacker," says Stanford postdoctoral fellow Elie Bursztein.

"People buy things on their phone, they use Facebook and Twitter, and soon enough they will be doing banking on the phone," Bursztein says.

The researchers recommend using frame-busting code to prevent a website from creating an invisible frame to display another page. "Mobile website security should be taken as seriously as nonmobile website security—otherwise, bad things can happen," Bursztein warns.

From Technology Review
View Full Article


Abstracts Copyright © 2010 Information Inc., Bethesda, Maryland, USA


No entries found