clickjacking
play

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang - PowerPoint PPT Presentation

Oct 07, 2023 •314 likes •567 views

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide content (Vern Paxson) Misleading users Browser assumes that clicks and keystrokes = clear indication of what the user wants to do Constitutes

  1. Clickjacking Credit: paper (“Clickjacking: Attacks and Defenses” Huang et al.) and most slide content (Vern Paxson)

  2. Misleading users • Browser assumes that clicks and keystrokes = clear indication of what the user wants to do • Constitutes part of the user’s trusted path • Attacker can meddle with integrity of this relationship in all sorts of ways

  3. Misleading users • Browser assumes that clicks and keystrokes = clear indication of what the user wants to do • Constitutes part of the user’s trusted path • Attacker can meddle with integrity of this relationship in all sorts of ways • Recall the power of Javascript Alter page contents (dynamically) • Track events (mouse clicks, motion, keystrokes) • • Read/set cookies • Issue web requests, read replies

  4. Using JS to Steal Facebook Likes Claim your free iPad! Bait and switch User tries to claim their free iPad, but 
 you want them to click your Like button (Many of these attacks are similar to TOCTTOU vulnerabilities)

  5. Using JS to Steal Facebook Likes Claim your free iPad! User intent Bait and switch User tries to claim their free iPad, but 
 you want them to click your Like button (Many of these attacks are similar to TOCTTOU vulnerabilities)

  6. Using JS to Steal Facebook Likes Claim your free iPad! Actual outcome User intent Bait and switch User tries to claim their free iPad, but 
 you want them to click your Like button (Many of these attacks are similar to TOCTTOU vulnerabilities)

  7. Clickjacking When one principal tricks the user into 
 interacting with UI elements of another principal An attack application (script) compromises the context integrity 
 of another application’s User Interface when the user acts on the UI

  8. Clickjacking When one principal tricks the user into 
 interacting with UI elements of another principal An attack application (script) compromises the context integrity 
 of another application’s User Interface when the user acts on the UI 1. Visual context : what a user should see right before 
 the sensitive action. Ensuring this = the sensitive 
 Context UI element and the cursor are both visible Integrity 2. Temporal context : the timing of a user action. Ensuring 
 this = the user action at a particular time is what 
 the user intended

  9. Compromising visual integrity of the target • Hide the target element • CSS lets you set the opacity of an element to zero (clear)

  10. Compromising visual integrity of the target • Hide the target element • Partially overlay the target • CSS lets you set the opacity of • Or crop the parts you don’t want to show an element to zero (clear) To: Bad guy Pay From: Victim Amount: $1000

  11. Compromising visual integrity of the target • Hide the target element • Partially overlay the target • CSS lets you set the opacity of • Or crop the parts you don’t want to show an element to zero (clear) To: Bad guy To: Charity Pay From: Victim From: Nice person Amount: $1000 Amount: $10

  12. Compromising visual integrity of the pointer Claim your free iPad! Actual cursor • Manipulating cursor feedback

  13. Compromising visual integrity of the pointer Claim your free iPad! Displayed cursor Actual cursor • Manipulating cursor feedback

  14. Compromising visual integrity of the pointer Claim your free iPad! Displayed cursor Actual cursor • Manipulating cursor feedback

  15. Clickjacking to access a user’s webcam

  16. Some clickjacking defenses • Require confirmation for actions • Annoys users • Frame-busting : Website ensures that its “vulnerable” pages can’t be included as a frame inside another browser frame • So user can’t be looking at it with something invisible overlaid on top… • …nor have the site invisible above something else

  17. The attacker implements this by placing Twitter’s page in a “Frame” inside their own page, otherwise they wouldn’t overlap

  18. Some clickjacking defenses • Require confirmation for actions • Annoys users • Frame-busting : Website ensures that its “vulnerable” pages can’t be included as a frame inside another browser frame • So user can’t be looking at it with something invisible overlaid on top… • …nor have the site invisible above something else • Conceptually implemented with Javascript like 
 if(top.location != self.location) 
 top.location = self.location; 
 (actually, it’s quite tricky to get this right) • Current research considers more general approaches

  19. InContext Defense (recent research) • A set of techniques to ensure context integrity for user actions • Servers opt-in • Let the websites indicate their sensitive UIs • Let browsers enforce context integrity when users act on the sensitive UIs

  20. Ensuring visual integrity of pointer • Remove cursor customization • Attack success: 43% -> 16%

  21. Ensuring visual integrity of pointer • Lightbox effect around target on pointer entry • Attack success (freezing + lightbox): 2%

  22. Enforcing temporal integrity • UI delay: after visual changes on target or pointer, invalidate clicks for a few milliseconds • Pointer re-entry: after visual changes on target, invalidate clicks until pointer re-enters target

  23. Other forms of UI sneakiness • Along with stealing events, attackers can use the power of Javascript customization and dynamic changes to mess with the user’s mind • For example, the user may not be paying attention, so you can swap tabs on them • Or they may find themselves “eclipsed”

  24. Browser in browser

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

More attacks on Clients: Clickjacking/UI redressing, CSRF (Section 7.2.3 on Clickjacking;

More attacks on Clients: Clickjacking/UI redressing, CSRF (Section 7.2.3 on Clickjacking;

Software and Web Security 2 More attacks on Clients: Clickjacking/UI redressing, CSRF (Section 7.2.3 on Clickjacking; Section 7 2 7 on CSRF) Section 7.2.7 on CSRF) sws2 1 2 Clickjacking & UI redressing sws2 Click jacking & UI

409 views • 29 slides
Clickjacking Revisited A Perceptual View of UI Security Devdatta Akhawe / Warren He / Zhiwei Li/

Clickjacking Revisited A Perceptual View of UI Security Devdatta Akhawe / Warren He / Zhiwei Li/

Clickjacking Revisited A Perceptual View of UI Security Devdatta Akhawe / Warren He / Zhiwei Li/ Reza Moazzezi / Dawn Song University of California, Berkeley Clickjacking is a malicious technique of tricking a Web user into clicking on something

753 views • 39 slides
SY306 Web and Databases for Cyber Operations Slide Set #3: CSS

SY306 Web and Databases for Cyber Operations Slide Set #3: CSS

SY306 Web and Databases for Cyber Operations Slide Set #3: CSS http://www.w3schools.com/css/default.asp Style! 1 ClickJacking Attack! Past Clickjacking attacks By loading Adobe Flash plugin settings page into an invisible iframe, an

211 views • 18 slides
Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced Security Topics Name: Soteris Constantinou Instructor: Dr. Elias Athanasopoulos Authors: Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart

1.65k views • 81 slides
Section 6: Session Management, Lab 2, & Clickjacking CSE 484 / CSE M 584 Homework 2 Due @

Section 6: Session Management, Lab 2, & Clickjacking CSE 484 / CSE M 584 Homework 2 Due @

Section 6: Session Management, Lab 2, & Clickjacking CSE 484 / CSE M 584 Homework 2 Due @ 11:59pm Lab 2 Due @ 11:59pm May 8 May 22 Administrivia May 15 Final Project Checkpoint 1 Due Web Session Management Primitive Online

649 views • 35 slides
CLICKJACKING & PHISHING CMSC 414 FEB 28 2019 Town Hall tonight CSIC 1115, 5pm-7pm

CLICKJACKING & PHISHING CMSC 414 FEB 28 2019 Town Hall tonight CSIC 1115, 5pm-7pm

CLICKJACKING & PHISHING CMSC 414 FEB 28 2019 Town Hall tonight CSIC 1115, 5pm-7pm There is insufficient space in Iribe Virtually no student group space No TA space Extra space is going to non-CS UMIACS

1.29k views • 110 slides
Web Security Course: EPL 682 Name: Savvas Savva [1] A. Barth and C. Jackson and J. Mitchell ,

Web Security Course: EPL 682 Name: Savvas Savva [1] A. Barth and C. Jackson and J. Mitchell ,

Web Security Course: EPL 682 Name: Savvas Savva [1] A. Barth and C. Jackson and J. Mitchell , Robust Defenses for Cross - Site Request Forgery, pub. in 15th ACM Conference, 2008. [2] L. Huang and A. Moshchuk and H. Wang , Clickjacking:

828 views • 57 slides
UI Redressing A-acks on Android Devices Marcus Niemietz

UI Redressing A-acks on Android Devices Marcus Niemietz

UI Redressing A-acks on Android Devices Marcus Niemietz Ruhr-University Bochum Horst Grtz InsAtute German Book Clickjacking und UI-Redressing

879 views • 54 slides
Using JS to Steal Facebook Likes Claim your FREE iPad Bait-and-switch Note: many of these

Using JS to Steal Facebook Likes Claim your FREE iPad Bait-and-switch Note: many of these

Using JS to Steal Facebook Likes Claim your FREE iPad Bait-and-switch Note: many of these attacks are similar to TOCTTOU (Time of Check to Time of Use) vulnerabilities From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al,

376 views • 14 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Last time We continued By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow attacks & other vulnerabilities Overflow defenses Everything youve always wanted to know about

2.41k views • 197 slides
CS-527 Software Security Practical Defenses Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Practical Defenses Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Practical Defenses Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Fixing and Patching Vulnerabilities

419 views • 26 slides
On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th

On Adaptive Attacks to Adversarial Example Defenses Florian Tramr USENIX ScAINet August 10 th , 2020 Joint work with Nicholas Carlini, Wieland Brendel and Aleksander Madry What Are Adversarial Examples? 88% Tabby Cat 99% Guacamole Biggio

360 views • 21 slides
FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft

FOSAD07 Low-level Software Security: Attacks and Defenses lfar Erlingsson Microsoft Research, Silicon Valley and Reykjavk University, Iceland An example of a real-world attack Exploits a vulnerability in the GDI+ rendering of

1.26k views • 113 slides
Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at

Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at

Lecture 08 Control-flow Hijacking Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides adapted from Miller, Bailey, and Brumley Control Flow Hijack: Always control + computation shellcode (aka payload)

652 views • 36 slides
Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article

Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article

Hash-flooding DoS reloaded: Hash flooding begins? attacks and defenses July 1998 article Jean-Philippe Aumasson, Designing and attacking Kudelski Security (NAGRA) port scan detection tools by Solar Designer (Alexander D. J. Bernstein,

1.83k views • 164 slides
Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Abhimanyu Dubey,

Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Abhimanyu Dubey,

Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search Abhimanyu Dubey, Laurens van der Maaten, I. Zeki Yalniz, Yixuan Li and Dhruv Mahajan Adversarial Images adversarial swan pelican perturbation

457 views • 8 slides
Mag Net A Two-Pronged Defense against Adversarial Examples Dongyu Meng Hao Chen ShanghaiTech

Mag Net A Two-Pronged Defense against Adversarial Examples Dongyu Meng Hao Chen ShanghaiTech

Mag Net A Two-Pronged Defense against Adversarial Examples Dongyu Meng Hao Chen ShanghaiTech University, China University of California, Davis, USA Neural networks in real-life applications user authentication autonomous

599 views • 30 slides
Adversarial Robustness via Runtime Masking and Cleansing Yi-Hsuan Wu Chia-Hung Yuan Shan-Hung

Adversarial Robustness via Runtime Masking and Cleansing Yi-Hsuan Wu Chia-Hung Yuan Shan-Hung

Adversarial Robustness via Runtime Masking and Cleansing Yi-Hsuan Wu Chia-Hung Yuan Shan-Hung Wu Department of Computer Science, National Tsing Hua University, Taiwan International Conference on Machine Learning, 2020 Y.H. Wu, C.H. Yuan,

1.3k views • 52 slides
Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides
Cybercrime Kill Chain vs. Effec4veness of Defense Layers

Cybercrime Kill Chain vs. Effec4veness of Defense Layers

Cybercrime Kill Chain vs. Effec4veness of Defense Layers Dr. Stefan Frei & Francisco Arts @stefan_frei @franklyfranc

787 views • 60 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

1.13k views • 67 slides
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Anish Athalye* 1 , Nicholas Carlini * 2 , and David Wagner 3 1 Massachusetts Institute of Technology 2 University of California, Berkeley (now

540 views • 50 slides
The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop 2019-05-06 New Orleans Based on https://arxiv.org/pdf/1903.06293.pdf Definition Adversarial examples are inputs to machine learning models that

411 views • 22 slides
The material below presents the briefing slide text accompanied by recommended oral comments for

The material below presents the briefing slide text accompanied by recommended oral comments for

The material below presents the briefing slide text accompanied by recommended oral comments for people interested in military reform to give to audiences. While the presentation was created in the 1980s, it is remarkably relevant to the defense

521 views • 22 slides

More recommend