Clickjacking the iPhone

Yesterday I posted an entry explaining that smartphone users should pay attention to their web browsing to prevent clickjack attacks. That was just a general warning. Today I’d like to delve a little more into the details of smartphone clickjack attacks.

This is a prime example of why those of us who use iPhones, Blackberries, and similar devices should worry about clickjacking when we use our phones.

http://amyjoaquin.blogspot.com/2008/11/clickjacking-iphone-attack-by-john.html

In this article, John Resig discusses his experience at a 2008 iPhone development camp where he met some people developing JavaScript for the device. While talking to these developers he learned that they kept running into a bug that was causing some web page elements to jump off the screen. They were still there, but the user could not see them.

This concerned Resig because of its potential clickjacking implications. He got a sample test from one of the guys so that he could experiment on his own to determine whether users could actually interact with any of the elements that jumped out of the iframe.

It didn’t take long before he had confirmed his suspicions.

Apple isn’t run by a bunch of dummies, though. They quickly worked on a fix for this problem, which they released with the iPhone 2.2.

That solves that problem, but it’s always a matter of time before clickjackers and other cybercriminals find a way to use the iPhone’s security against itself. After all, clickjacking uses one of the fundamental elements of the internet to trick users into doing things that they don’t even know they are doing.

Apple’s speedy update that corrected this potential clickjacking problem is one of the reasons that it’s important for people to use the latest technology instead of relying on old devices and software. If you’re still using an iPhone that uses the old software, then you’re still susceptible to this clickjack attack.

This goes for other smartphones and browsers as well.

Granted, if you hold on to the device for about ten years without making any changes, then there’s a good chance that you’ll be in the clear. Once your tech gets old enough, very few hackers will even think to focus on you. Then again, you probably won’t be able to use it for much either, so it’s kind of a win-lose situation…
