
This article was published on October 8, 2008

Like online games? Beware of ClickJacking

Story by Ernst-Jan Pfauth

Ernst-Jan Pfauth is the former Editor in Chief of Internet at NRC Handelsblad, as well as an acclaimed technology author and columnist. He also served as The Next Web’s blog’s first blogger and Editor in Chief, back in 2008. At De Correspondent, Ernst-Jan serves as publisher, fostering the expansion of the platform.

Most web-based games might appear innocent, but a blogger from GUYA.NET proves that they can function as a way for the web’s bad guys to take over your webcam. When this blogger first heard about the phenomenon of clickjacking, he tried to develop a game that could do the same thing. He discovered that the Achilles heel of Flash was the Flash Player Setting Manager. Nice piece of citizen journalism.

By creating some sort of overlay in a JavaScript game, the attacker makes users think they’re just trying to click a button as fast as possible. What they’re really doing is granting some voyeur access to their webcam. Check it out:

[youtube:http://www.youtube.com/watch?v=gxyLbpldmuU]

Kudos to Adobe, who fixed this problem by “framebusting the Setting Manager pages”. Supposedly, 99.9% of the users are protected from spies, pervs, or whatnot. The issue still exists for Java, Silverlight, DHTML games and applications though. For details on this I gladly refer to ha.ckers.org.
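
Framebusting, the fix credited to Adobe above, sketched as an added example (not Adobe's code and not from the original article): the page stays hidden until it has confirmed it is the top-level window, so a framed copy gives an overlay nothing to click. The `antiClickjack` id, the function names and the `settings.example` URL are assumptions made for illustration.

```javascript
// Added example. Assumes the page ships with its content cloaked by
//   <style id="antiClickjack">body{display:none !important}</style>
// in <head>; the id and all function names are hypothetical.

// True when this window is not the top-level browsing context.
function isFramed(win) {
  return win.top !== win.self;
}

// Reveal the page only when it is top-level. When framed, try to break out;
// if the framing page blocks that navigation, the cloak stays in place, so
// the framed copy renders no clickable controls.
function protectAgainstFraming(win, doc) {
  const cloak = doc.getElementById('antiClickjack');
  if (!isFramed(win)) {
    if (cloak && cloak.parentNode) cloak.parentNode.removeChild(cloak);
    return 'revealed';
  }
  try {
    win.top.location = win.self.location.href;
    return 'redirected';
  } catch (err) {
    return 'hidden';
  }
}

// Constructed stand-ins for window/document so the logic also runs in Node.
function fakeDocument() {
  const doc = { cloaked: true };
  const cloak = { parentNode: { removeChild() { doc.cloaked = false; } } };
  doc.getElementById = (id) => (id === 'antiClickjack' ? cloak : null);
  return doc;
}
function fakeWindow(top) {
  const win = { location: { href: 'https://settings.example/manager' } };
  win.self = win;
  win.top = top || win;
  return win;
}

if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  protectAgainstFraming(window, document); // real browser
} else {
  const lockedParent = Object.defineProperty({}, 'location', {
    set() { throw new Error('top navigation blocked'); },
  });
  console.log(protectAgainstFraming(fakeWindow(), fakeDocument()));             // top-level
  console.log(protectAgainstFraming(fakeWindow({}), fakeDocument()));           // framed
  console.log(protectAgainstFraming(fakeWindow(lockedParent), fakeDocument())); // framed, locked
}
```

Script-based framebusting is a legacy measure; on current browsers the primary control is the `Content-Security-Policy: frame-ancestors` response header (or `X-Frame-Options`), with a script like this as a fallback.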