
Attack Example - ClickJacking+Spoofing - UI Redress - Trusted User Interface

ClickJacking and Spoofing Attack Example - Trusted User Interface attack. It used to be that the most commonly targeted operating system and browser for this kind of attack were Windows and Internet Explorer. The underlying reason was that Windows had more users and Internet Explorer was basically File Explorer with a different user interface.

Today, the attack surface is wider and the attack is much harder to notice. The screenshot posted here shows a combination of User Interface (UI) spoofing delivered through a ClickJack.

I arrived at that page through a movie streaming site. The UI was straightforward: a play button in the center, a volume control, a resolution selector, and a fullscreen button. Upon clicking the large play button at the center of the video, a tab was automatically opened and it presented me with that interface.

If you're observant, you'll notice immediately what's wrong here. Most people simply in a hurry to get on with what they are doing would likely just click Update, because updating is almost always the action everyone recommends. Keeping applications up to date is almost everyone's first recommendation when it comes to basic security. Today, you'll see an example of why it isn't always true.

Figured out the problem already? No? Yes? The problem is that even though I am on an Apple computer, I am not on OS X; I have already upgraded to Mac OS. OS X and Mac OS have different UI elements. Notice that in the screenshot, the top left section of the user interface has different buttons than the one in the center. The close, minimize, and fullscreen buttons in the bigger UI are flat colors, while those on the centered UI appear glossy or with a color gradient; the glossy, gradient UI style is an element used in Apple's older OS X operating system. That goes to show that the UI displayed at the center is not a notification or UI element presented by Mac OS, but a "clever" attempt at spoofing a UI that users will likely click. The outer UI is actually a web browser, while the centered UI is most likely an image with a malicious script waiting for users to click and agree to it.

Resolution

One could say that this attack is a wolf in sheep's clothing. If this happens to you, the best course of action is to close the browser.

As always, this is easier said than done. The resolution is that everyone should familiarize themselves with the user interface elements used by their operating system of choice, and always think carefully about what they are about to click or agree to on their computer or devices.

Help Secure the Internet

If you encounter this attack, do comment in the section below or post a screenshot of what happened to you. Feedback and discussion are always appreciated and valued.
