Clickjacking Attacks Unresolved
We would like to share a white paper on our ongoing clickjacking research, along with some demos, by CyLab researchers David Huang and Collin Jackson at Carnegie Mellon Silicon Valley. In our white paper, we describe a practical de-anonymization attack on social network users, based on Likejacking. We also introduce a new type of click timing attack called double-clickjacking that can bypass current defenses and steal the user’s data from popular OAuth service providers. We would like to make clear that IFRAME-based defenses are ineffective. Moreover, clickjacking is not all about IFRAMEs.
White paper: Clickjacking Attacks Unresolved