Black Hat USA 2013 - Clickjacking Revisited: A Perceptual View of UI Security

22:35 597 views 100% Published 8 years ago

By: Devdatta Akhawe

We revisit UI security attacks (such as clickjacking) from a perceptual perspective and argue that limitations of human perception make UI security difficult to achieve. We develop five novel attacks that go beyond current UI security defenses. Our attacks are powerful with a 100% success rate in one case. However, they only scratch the surface of possible perceptual attacks on UI security. We discuss possible defenses against our perceptual attacks and find that possible defenses either have an unacceptable usability cost or do not provide a comprehensive defense. Finally, we posit that a number of attacks are possible with a more comprehensive study of human perception.

Watch on YouTube

Black Hat USA 2013

Black Hat USA 2013

From 06/02/2014 to 06/02/2019 in Las Vegas, United States