We are still vulnerable to clickjacking attacks: About 99% of Korean websites are dangerous

Daehyun Kim; Hyoungshick Kim

doi:10.1007/978-3-319-05149-9_10

We are still vulnerable to clickjacking attacks: About 99% of Korean websites are dangerous

Daehyun Kim
, Hyoungshick Kim

Department of Computer Science and Engineering

Sungkyunkwan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Clickjacking is an attack that tricks victims into clicking on invisible elements of a web page to perform an unintended action that is advantageous for an attacker. To defend against clickjacking, many techniques have already been proposed, but it is still unclear whether they are effectively deployed in practice. We study how vulnerable Korean websites are to clickjacking attacks by performing real attacks on top 100 popular Korean websites as well as all the financial websites. Our results are quite significant: almost all Korean websites (about 99.2 %) that we looked at are vulnerable to clickjacking attacks. Extending our observation to mobile websites, we can also obtain similar results.

Original language	English
Title of host publication	Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers
Publisher	Springer Verlag
Pages	163-173
Number of pages	11
ISBN (Print)	9783319051482
DOIs	https://doi.org/10.1007/978-3-319-05149-9_10
State	Published - 2014
Event	14th International Workshop on Information Security Applications, WISA 2013 - Jeju Island, Korea, Republic of Duration: 19 Aug 2013 → 21 Aug 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8267 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Workshop on Information Security Applications, WISA 2013
Country/Territory	Korea, Republic of
City	Jeju Island
Period	19/08/13 → 21/08/13

Access to Document

10.1007/978-3-319-05149-9_10

Cite this

Kim, D., & Kim, H. (2014). We are still vulnerable to clickjacking attacks: About 99% of Korean websites are dangerous. In Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers (pp. 163-173). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8267 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-05149-9_10

Kim, Daehyun ; Kim, Hyoungshick. / We are still vulnerable to clickjacking attacks : About 99% of Korean websites are dangerous. Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers. Springer Verlag, 2014. pp. 163-173 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{2c6e4e30b1ca4fb1a1a8c89a6ac0ef3f,

title = "We are still vulnerable to clickjacking attacks: About 99\% of Korean websites are dangerous",

abstract = "Clickjacking is an attack that tricks victims into clicking on invisible elements of a web page to perform an unintended action that is advantageous for an attacker. To defend against clickjacking, many techniques have already been proposed, but it is still unclear whether they are effectively deployed in practice. We study how vulnerable Korean websites are to clickjacking attacks by performing real attacks on top 100 popular Korean websites as well as all the financial websites. Our results are quite significant: almost all Korean websites (about 99.2 \%) that we looked at are vulnerable to clickjacking attacks. Extending our observation to mobile websites, we can also obtain similar results.",

author = "Daehyun Kim and Hyoungshick Kim",

year = "2014",

doi = "10.1007/978-3-319-05149-9\_10",

language = "English",

isbn = "9783319051482",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "163--173",

booktitle = "Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers",

note = "14th International Workshop on Information Security Applications, WISA 2013 ; Conference date: 19-08-2013 Through 21-08-2013",

}

Kim, D & Kim, H 2014, We are still vulnerable to clickjacking attacks: About 99% of Korean websites are dangerous. in Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8267 LNCS, Springer Verlag, pp. 163-173, 14th International Workshop on Information Security Applications, WISA 2013, Jeju Island, Korea, Republic of, 19/08/13. https://doi.org/10.1007/978-3-319-05149-9_10

We are still vulnerable to clickjacking attacks: About 99% of Korean websites are dangerous. / Kim, Daehyun; Kim, Hyoungshick.
Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers. Springer Verlag, 2014. p. 163-173 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8267 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - We are still vulnerable to clickjacking attacks

T2 - 14th International Workshop on Information Security Applications, WISA 2013

AU - Kim, Daehyun

AU - Kim, Hyoungshick

PY - 2014

Y1 - 2014

N2 - Clickjacking is an attack that tricks victims into clicking on invisible elements of a web page to perform an unintended action that is advantageous for an attacker. To defend against clickjacking, many techniques have already been proposed, but it is still unclear whether they are effectively deployed in practice. We study how vulnerable Korean websites are to clickjacking attacks by performing real attacks on top 100 popular Korean websites as well as all the financial websites. Our results are quite significant: almost all Korean websites (about 99.2 %) that we looked at are vulnerable to clickjacking attacks. Extending our observation to mobile websites, we can also obtain similar results.

AB - Clickjacking is an attack that tricks victims into clicking on invisible elements of a web page to perform an unintended action that is advantageous for an attacker. To defend against clickjacking, many techniques have already been proposed, but it is still unclear whether they are effectively deployed in practice. We study how vulnerable Korean websites are to clickjacking attacks by performing real attacks on top 100 popular Korean websites as well as all the financial websites. Our results are quite significant: almost all Korean websites (about 99.2 %) that we looked at are vulnerable to clickjacking attacks. Extending our observation to mobile websites, we can also obtain similar results.

UR - https://www.scopus.com/pages/publications/84958523905

U2 - 10.1007/978-3-319-05149-9_10

DO - 10.1007/978-3-319-05149-9_10

M3 - Conference contribution

AN - SCOPUS:84958523905

SN - 9783319051482

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 163

EP - 173

BT - Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers

PB - Springer Verlag

Y2 - 19 August 2013 through 21 August 2013

ER -

Kim D, Kim H. We are still vulnerable to clickjacking attacks: About 99% of Korean websites are dangerous. In Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers. Springer Verlag. 2014. p. 163-173. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-05149-9_10

We are still vulnerable to clickjacking attacks: About 99% of Korean websites are dangerous

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this