theme image
Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacksFraming attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks
  1. publications
  2. hacking

Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks

Available Media

Publication (Pdf)

ConferenceWorkshop On Offensive Technologies (WOOT) - 2010
AuthorsGustav Rydstedt , Baptiste Gourdin , Elie Bursztein ,
Citation

Bibtex Citation

@inproceedings{ RYDSTEDT2010FRAMING,title = {Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks},author = {"Gustav, Rydstedt" and "Baptiste, Gourdin" and "Elie, Bursztein" and "Dan, Boneh"},booktitle = {Workshop On Offensive Technologies},year = {2010},organization = {Usenix}}

While many popular web sites on the Internet use frame busting to defend against clickjacking, very few mobile sites use frame busting. Similarly, few embedded web sites such as those used on home routers use frame busting. In this paper we show that framing attacks on mobile sites and home routers can have devastating effects. We develop a new attack called tap-jacking that uses features of mobile browsers to implement a strong clickjacking attack on phones. Tap-jacking on a phone is more powerful than traditional clickjacking attacks on desktop browsers. For home routers we show that framing attacks can result in theft of the wifi WPA secret key and a precise geo-localization of the wifi network. Finally, we leverage the recent scrolling technique of Stone to develop a framing attack that defeats the clever frame busting approach employed by Facebook. The attack exposes private user information.

Recent

newsletter signup slide

Get cutting edge research directly in your inbox.

newsletter signup slide

Get cutting edge research directly in your inbox.