Framing attacks on smart phones and dumb routers: Tap-jacking and Geo-localization attacks

4th USENIX Workshop on Offensive Technologies, WOOT 2010

Volumn , Issue , 2010, Pages

  Rydstedt, Gustav ^a   Gourdin, Baptiste ^a   Bursztein, Elie ^a   Boneh, Dan ^a  

^a STANFORD UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

WEBSITES; WIRELESS LOCAL AREA NETWORKS (WLAN);

DEVASTATING EFFECTS; FACEBOOK; HOME ROUTERS; INTERNET USE; MOBILE BROWSERS; SECRET KEY; USER INFORMATION; WI FI NETWORKS;

SMARTPHONES;

EID: 85095115501     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (13)

1. H. Bojinov, E. Bursztein, and D. Boneh. XCS: cross channel scripting and its impact on web applications. In CCS '09: Proceedings of the 16th ACM conference on Computer and communications security, pages 420-431. ACM, 2009.
2. A. Bortz, D. Boneh, and P. Nandy. Exposing private information by timing web applications. In Proc. of WWW'07, pages 621-628, 2007.
3. S. Dalili. ross site url hijacking by using error object in mozilla firefox. http://packetstormsecurity.org/papers/general/xsuh-firefox.pdf, May 2010.
4. Gnucitzien. More advanced clickjacking - ui redress attacks. www.gnucitizen.org/blog/more-advanced-clickjacking-ui-redress-attacks/, 2008.
5. R. Hansen. Clickjacking. ha.ckers.org/blog/ 20080915/clickjacking.
6. S. Kamkar. mapxss: Accurate geolocation via router exploitation. http://samy.pl/mapxss/, January 2010.
7. Microsoft. Internet explorer does not support user names and passwords in web site addresses (http or https urls). support.microsoft.com/kb/834489, Nov 2007.
8. Mozilla. Location-aware browsing. www.mozilla.com/en-US/firefox/geolocation.
9. Y. Niu, F. Hsu, and H. Chen. iphish: Phishing vulnerabilities on consumer electronics. In Proc. of UPSEC, 2008.
10. J. Resig. Clickjacking iphone attack, 2008. ejohn.org/ blog/clickjacking-iphone-attack.
11. G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson. Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In IEEE Oakland Web 2.0 Security and Privacy (W2SP'10), 2010. seclab.stanford. edu/websec/framebusting.
12. S. Stamm, Z. Ramzan, and M. Jakobsson. Drive-by pharming. In Proc. of ICICS, pages 495-506, 2007.
13. P. Stone. Next generation clickjacking. media. blackhat.com/bh-eu-10/presentations/ Stone/BlackHat-EU-2010-Stone-Next-\ Generation-Clickjacking-slides.pdf, 2010.