Concept

Clickjacking

Summary
Clickjacking (classified as a user interface redress attack or UI redressing) is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages. Clickjacking is an instance of the confused deputy problem, wherein a computer is tricked into misusing its authority.

In 2002, it was noted that it was possible to load a transparent layer over a web page and have the user's input affect the transparent layer without the user noticing. However, this was mainly ignored as a major issue until 2008. In 2008, Jeremiah Grossman and Robert Hansen discovered that Adobe Flash Player could be clickjacked, allowing an attacker to gain access to the computer without the user's knowledge. The term "clickjacking" was coined by Jeremiah Grossman and Robert Hansen, a portmanteau of the words "click" and "hijacking." As more attacks of a similar nature were discovered, the focus of the term "UI redressing" was changed to describe the category of these attacks, rather than just clickjacking itself.

One form of clickjacking takes advantage of vulnerabilities that are present in applications or web pages to allow the attacker to manipulate the user's computer for their own advantage. For example, a clickjacked page tricks a user into performing undesired actions by clicking on concealed links. On a clickjacked page, the attackers load another page over the original page in a transparent layer to trick the user into taking actions, the outcomes of which will not be the same as the user expects. The unsuspecting users think that they are clicking visible buttons, while they are actually performing actions on the invisible page, clicking buttons of the page below the layer. The hidden page may be an authentication page; therefore, the attackers can trick users into performing actions which the users never intended.
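The transparent-layer technique described above only works if the target page agrees to be rendered inside a frame on another origin. The following added example (not part of the original page) audits a response's headers for that precondition; the X-Frame-Options and Content-Security-Policy frame-ancestors headers are standard browser mechanisms not mentioned in the summary, and the function names and sample origins are assumptions.

```javascript
// Added example: decide whether a response may be rendered inside a frame
// on another origin. All header values and origins used with it are constructed.

// Extract the frame-ancestors source list from a CSP header value, or null.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Does one CSP source expression match the embedding origin?
function sourceMatches(source, embedder, self) {
  const s = source.toLowerCase();
  if (s === '*') return true;
  if (s === "'self'") return embedder === self;
  const e = new URL(embedder);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return e.protocol === s; // scheme-source
  // Host-source without a scheme: assume the protected page's scheme (simplification).
  const full = s.includes('://') ? s : new URL(self).protocol + '//' + s;
  const [scheme, host] = full.split('://');
  if (host.startsWith('*.')) return e.protocol === scheme + ':' && e.hostname.endsWith(host.slice(1));
  try { return new URL(full).origin === e.origin; } catch { return false; }
}

// headers: object keyed by lowercase header name. Returns true if framable.
// Simplification: only the immediate embedder is checked, not every ancestor.
function canBeFramedBy(headers, embedderOrigin, pageOrigin) {
  const ancestors = frameAncestors(headers['content-security-policy']);
  if (ancestors !== null) {
    // When frame-ancestors is present it takes precedence over X-Frame-Options.
    if (ancestors.length === 0 || ancestors[0].toLowerCase() === "'none'") return false;
    return ancestors.some(src => sourceMatches(src, embedderOrigin, pageOrigin));
  }
  const xfo = new Set((headers['x-frame-options'] || '')
    .split(',').map(v => v.trim().toLowerCase()).filter(Boolean));
  if (xfo.size > 1 && ['deny', 'allowall', 'sameorigin'].some(v => xfo.has(v))) return false;
  if (xfo.has('deny')) return false;
  if (xfo.has('sameorigin')) return embedderOrigin === pageOrigin;
  // Missing or unrecognised values (e.g. the obsolete ALLOW-FROM) give no protection.
  return true;
}
```

A `true` result for an untrusted embedder on a page that performs state-changing or authentication actions marks it as exposed to the overlay described in the summary.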