Understanding Clickjacking

Clickjacking is a devious technique where users are tricked into clicking on something different from what they perceive, essentially hijacking their clicks. This occurs when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, usually owned by another application, domain, or both.

The Roots of Clickjacking

The term "clickjacking" was coined by web security experts Robert Hansen and Jeremiah Grossman in 2008. The concept, however, has been around as long as web pages have been able to contain layered content. Clickjacking gained widespread attention when it was discovered that it could compromise privacy and security on prominent websites, leading to a surge in awareness and efforts to combat the threat.

Clickjacking in Action

An example of practical clickjacking is when a user thinks they are clicking on a video play button but are actually giving permission to access their webcam and microphone. The consequences can range from annoying to disastrous, as clickjacking can be used to initiate actions that compromise personal data, activate subscriptions, or even spread malware.

Benefits of Clickjacking

While clickjacking is largely negative, understanding it can have benefits. For security professionals, it underscores the need for robust website security measures. It also contributes to the evolution of web standards and better browser security. Recognizing the ingenuity behind clickjacking tactics can also lead to more innovative defensive strategies.

FAQ