Framing Attacks on Smartphones Dumb Routers and Social Sites Tap-jacking Geo-localization and Framing Leak Attacks

While many popular web sites on the Internet use frame busting to defend against clickjacking, very few mobile sites use frame busting. Similarly, few embedded web sites such as those used on home routers use frame busting. In this paper we show that framing attacks on mobile sites and home routers can have devastating effects. We develop a new attack called tap-jacking that uses features of mobile browsers to implement a strong clickjacking attack on phones. Tap-jacking on a phone is more powerful than traditional clickjacking attacks on desktop browsers. For home routers we show that framing attacks can result in theft of the wifi WPA secret key and a precise geo-localization of the wifi network. Finally, we leverage the recent scrolling technique of Stone to develop a framing attack that defeats the clever frame busting approach employed by Facebook. The attack exposes private user information.

Workshop On Offensive Technologies 2010


Share this paper on your favorite social network.

BlackHat USA / Defcon

Stay in touch

Join the 35K awesome readers community!



Be in the Know

Join thousands of readers who receive my latest blog posts in their inbox.
No spam I promise and you can unsubscribe anytime.
Elie Bursztein © 2017
About Me

Recent entries