Clickjacking: An Increasing Vulnerability In Many Web Browsers

Clickjacking is an increasing threat for many popular web browsers, where malicious actions may take place, causing havoc for computer users all over the world.

Some of you may have already heard of clickjacking, a method that inserts a functional click in the middle of a computer user's interaction with a web site, which could link to malicious sites or perform unwanted functions.

So how does clickjacking take place and which web browsers are affected?

Many web browsers, including Safari, IE, Firefox, Opera and even Google's Chrome, are all susceptible to clickjacking. Clickjacking takes place on a compromised web page where an iFrame is placed over the real content of the page. The real page may remain hidden while the iFrame presents a faux layout with clickable buttons or components, but in reality the hidden page registers the actual click. The click that is registered may follow a malicious link or execute an action, resulting in a dangerous or unknown action taking place on your computer.
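One way a site owner can check whether a page is exposed to the iFrame overlay described above is to inspect its anti-framing response headers. The following is an added example, not part of the original article: the `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` headers are not discussed in the article, and the function names and sample responses are constructed for illustration.

```javascript
// Added example (not from the original article): decide from response headers
// whether another site could load this page inside an iFrame.
// Assumes lower-cased header names and a single value per header.

// Return the source list of the CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Classify who may frame the page: 'nobody', 'same-origin', 'allow-list' or 'anyone'.
function framingPolicy(headers) {
  const sources = frameAncestors(headers['content-security-policy'] || '');
  if (sources !== null) {
    // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
    const list = sources.map((s) => s.toLowerCase());
    if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) return 'nobody';
    // A bare wildcard or a scheme-only source admits arbitrary framing sites.
    if (list.some((s) => s === '*' || /^https?:$/.test(s))) return 'anyone';
    if (list.every((s) => s === "'self'")) return 'same-origin';
    return 'allow-list';
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'nobody';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Missing, misspelled or obsolete (ALLOW-FROM) values give no protection in current browsers.
  return 'anyone';
}

// Constructed sample responses for a sensitive page (for example, a settings form).
const samples = {
  unprotected: { 'content-type': 'text/html' },
  legacyOnly: { 'x-frame-options': 'SAMEORIGIN' },
  cspWins: {
    'x-frame-options': 'DENY',
    'content-security-policy': "default-src 'self'; frame-ancestors https://partner.example",
  },
  obsolete: { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  locked: { 'content-security-policy': "frame-ancestors 'none'" },
};

for (const [name, headers] of Object.entries(samples)) {
  console.log(`${name}: framable by ${framingPolicy(headers)}`);
}
```

A result of `anyone` on a page that performs state-changing actions means the page can be embedded by an arbitrary site, which is the precondition for the overlay described above.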

An example of clickjacking that you can understand:

One instance where clickjacking performed an unusual action was a clickjacking proof-of-concept against Flash, which Adobe has fixed to steer clear of this scenario. The video below is a demonstration of clickjacking in which your webcam is accessed without your permission.

As you can see in the demonstration video above, an iFrame was placed over the actual site, and a clicking sequence was performed while the real page was not visible, so the clicks registered on the hidden web page performed an unwanted computer function.

Many other scenarios are prevalent when it comes to clickjacking. Clickjacking is just another way for hackers to spread their malevolent programs over the internet, gain access to computers or use your system to perform illegal actions.

Have you ever become a victim of clickjacking? Have you ever discovered or witnessed your computer performing an unwanted function on a web page that was apparently a clickjacking attack?