CLICKJACKING REVISITED: A PERCEPTUAL VIEW OF UI SECURITY

We revisit UI security attacks (such as clickjacking) from a perceptual perspective and argue that limitations of human perception make UI security difficult to achieve. We develop five novel attacks that go beyond current UI security defenses. Our attacks are powerful with a 100% success rate in one case. However, they only scratch the surface of possible perceptual attacks on UI security. We discuss possible defenses against our perceptual attacks and find that possible defenses either have an unacceptable usability cost or do not provide a comprehensive defense. Finally, we posit that a number of attacks are possible with a more comprehensive study of human perception.

Presented by