What is the clickjacking or UI redress attack?

by | Mar 7, 2017 | CCNA, CCNP, CompTIA, Malware Prevention, Most Common Vulnerabilities, Online Banking Security

What is the clickjacking or UI redress attack?

The clickjacking or UI redress attack is an attack in which the attacker uses an opaque or transparent layer on a webpage to trick a victim into clicking on a malicious link or button unknowingly. Thus, the attacker hijacks a user’s click and redirects the user to a different malicious page.

How does the clickjacking or UI redress attack work?

Clickjacking is carried out in different ways:

  • Sometimes, an attacker deceives a user into clicking a like button or posting an update on a social networking website. Most of us have seen this clickjacking on popular social networking websites. This type of clickjacking is also called likejacking.
  • Sometimes, the attacker hijacks the cursor of a user and makes the cursor point to a location different from where the user perceives it to lead. This type of clickjacking is also called cursorjacking.
  • Sometimes, password managers fail to protect against iframe and redirection-based attacks, and they expose passwords that should not have been exposed.
  • Sometimes, unwanted advertisements get displayed on top of an email inbox or iPod. When a user clicks on the malicious ad, an iframe loads that can do malicious activities like deleting all messages, etc.
  • Sometimes, the attacker loads a webpage into an invisible iframe and tricks the user into changing the security settings of some software like Flash Player so that the microphone, the camera, etc., can be exploited.
  • Often, a user prefers to stay logged in to eCommerce websites. An attacker may trick the user into clicking on a social media “like” button and load the eCommerce website in a transparent iframe. As a result, when the user clicks on the like button, some expensive items may get bought from the eCommerce website using the user’s credit card.

How to prevent clickjacking or UI redress attacks?

We can take a couple of steps to prevent this attack.

  • Some browser addons like NoScript can prevent users from clicking on invisible page elements. Here is a comprehensive guide on increasing the security and privacy of browsers.
  • Some commercial products like GuardedID can make all frames on the page visible and protect against these attacks.
  • In some secure web browsers like Gazelle, a window of different origin can only draw dynamic contents over another window’s screen space if the content it draws is opaque. Thus, it can protect users from clicking on something unknowingly.
  • Website owners can include framekiller JavaScript snippets in webpages to prevent the pages from being loaded inside frames from different sources.
  • Many web browsers now support HTTP response headers like X-Frame-Options, which can partially prevent clickjacking.
  • The frame-ancestors directive of the Content Security Policy can prevent potentially hostile pages from embedding a page using iframe, object, etc., and thus prevent clickjacking.
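
The last two items can be checked on a site's own responses. The following is an added example, not code from the original article: it audits a response's X-Frame-Options and Content-Security-Policy headers and reports whether cross-origin framing is blocked. The function names, verdict labels and the partner.example host are assumptions made for illustration, and a single CSP policy per response is assumed.

```javascript
// Added example: audit a response's anti-framing headers (constructed inputs only).
// Header names are matched case-insensitively; values come from a plain object.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : String(headers[key]);
}

// Return the source list of the first frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

function auditFraming(headers) {
  const sources = frameAncestors(getHeader(headers, 'content-security-policy'));
  if (sources !== null) {
    // When frame-ancestors is present, browsers that support it ignore X-Frame-Options.
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) {
      return { verdict: 'protected', reason: 'CSP frame-ancestors blocks all framing' };
    }
    const broad = sources.filter((s) => ['*', 'http:', 'https:'].includes(s));
    if (broad.length) {
      return { verdict: 'unprotected', reason: 'frame-ancestors allows any origin: ' + broad.join(' ') };
    }
    return { verdict: 'restricted', reason: 'framing limited to: ' + sources.join(' ') };
  }
  const xfo = (getHeader(headers, 'x-frame-options') || '').trim().toUpperCase();
  if (xfo === 'DENY') return { verdict: 'protected', reason: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN') return { verdict: 'restricted', reason: 'X-Frame-Options: SAMEORIGIN' };
  if (xfo.startsWith('ALLOW-FROM')) {
    return { verdict: 'unprotected', reason: 'ALLOW-FROM is obsolete and ignored by current browsers' };
  }
  if (getHeader(headers, 'content-security-policy-report-only')) {
    return { verdict: 'unprotected', reason: 'report-only CSP does not enforce frame-ancestors' };
  }
  return { verdict: 'unprotected', reason: 'no anti-framing header present' };
}
```

A "restricted" verdict means only the listed origins (or the same origin) may frame the page, so the result still depends on whether those origins are trusted.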

So, beware of various security vulnerabilities and stay safe and secure. This article gives a brief overview of the clickjacking or UI redress attack. Interested readers who want more information on different web application attacks and their preventive measures may want to refer to the book “Web Application Vulnerabilities And Prevention.”

 


Amrita Mitra

Author

Ms. Amrita Mitra is an author, who has authored the books “Cryptography And Public Key Infrastructure“, “Web Application Vulnerabilities And Prevention“, “A Guide To Cyber Security” and “Phishing: Detection, Analysis And Prevention“. She is also the founder of Asigosec Technologies, the company that owns The Security Buddy.
