CLICKJACKING REVISITED: A PERCEPTUAL VIEW OF UI SECURITY

Black Hat USA 2013

Presented by: Devdatta Akhawe
Date: Wednesday July 31, 2013
Time: 15:30 - 16:00
Location: Augustus 1 & 2

We revisit UI security attacks (such as clickjacking) from a perceptual perspective and argue that limitations of human perception make UI security difficult to achieve. We develop five novel attacks that go beyond current UI security defenses. Our attacks are powerful with a 100% success rate in one case. However, they only scratch the surface of possible perceptual attacks on UI security. We discuss possible defenses against our perceptual attacks and find that possible defenses either have an unacceptable usability cost or do not provide a comprehensive defense. Finally, we posit that a number of attacks are possible with a more comprehensive study of human perception.

Devdatta Akhawe

Devdatta is a graduate student studying how to build better and more secure systems at UC Berkeley. In the past, he has interned at Mozilla, Microsoft (MSRC), Yahoo! Labs, and Microsoft Research. More information about his research as well as how to pronounce his name, at his home page: https://www.cs.berkeley.edu/~devdatta


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats