Internet And The Web: Click Jacking

Nowadays, the security problems related to the internet has been increasing. The user needs to understand the security issues related to the internet in order to get protected from the various kind of cyber-attacks. The use of internet and the web has been changed in recent years. In a sense that the way we buy, sell and communicate with different vendors without going to the shop. With the growing use of the internet various threat upfront in the business. Among the various threat Click jacking is one of the web attacks that hijack the user site with the help of iframes (Rydstedt, Bursztein and Boneh, 2010).

Click jacking causes the severe damage to the user by stealing the personal details on social network compromising their personal credentials. Click jacking can be implemented by hiding the attacker application on the user interface and snip the user’s click (Rehman, Khan, Saqib and Kaleem, 2013).

It is necessary to recognize the clicking jacking attacks before mitigating click jacking.

Get quality help now

Prof. Finch

Verified writer

Proficient in: Digital Era

4.7 (346)

“ This writer never make an mistake for me always deliver long before due date. Am telling you man this writer is absolutely the best. ”

+84 relevant experts are online

Hire writer

It can be classified into three types:

Types of Click Jacking

Manipulation of target display: The attacker attracts the victim to click by displaying the rewarding message initiating the click from the user side without their knowledge.

Modifying the location of pointer: In this technique, the attacker creates a fake cursor to trap a victim by initiating a click. Attacker changes the setting of cursor with the help of CSS. This type of technique is also called cursor jacking (Shahriar and Devendran, 2014).

Timer event modification: This technique uses the advantage of the human slow reaction.

It takes certain time for the human to make a click. The attacker benefits it by changing the location of clicks targeted once first click is performed by the victim.

Other known exploits include

• Misleading the user and ask them to open webcam in social networking sites.
• Ask the user to make their personal information public.
• Following in Facebook.
• Clicking the Google ads and generate revenue.

Approaches for Mitigating Click Jacking

This type of attacks can be mitigated by employing frame busting code. This code needs to be present at the start of the web page. Some of the clicking jacking mitigation techniques are:

User Confirmation: Click jacking can be prevented by generating a dialog box at client side about the outcome of the click. This technique has been implementing in Facebook for Like button. However, this technique emphasis on definite objects.

Randomization of UI: The UI of genuine Web pages can be randomizing to protect the user from the attackers. The attacker would unable to find the exact location of target element thus failing the clicking jacking.

Guarded ID: This technique stop from storing the keystrokes on the browser. The user can view the portion under the click jacking.

Mouse click blocking: Instead of blocking framing, another way is to permit execution of transparent frames disabling the mouse clicks, if the frame is not completely visible. This technique only helps to protect dialog and cannot be used in other web context.