This article was published on October 8, 2008

Like online games? Beware of ClickJacking


Like online games? Beware of ClickJacking

Most web-based games might appear innocent, but a blogger from GUYA.NET proves that they can function as a way for the web’s bad guys to take over your webcam. When this blogger first heard about this phenomenon clickjacking, he tried to develop a game that could do the same thing. He discovered that the Achilles heel of Flash was the Flash Player Setting Manager. Nice piece of citizen journalism.

By creating some sort of overlay in a Javascript Game, users just think they’re trying to click a button as fast as possible. What they really do, is granting some voyeur access to their web cam. Check it out:

[youtube:http://www.youtube.com/watch?v=gxyLbpldmuU]

Kudos for Adobe, who fixed this problem by “framebusting the Setting Manager pages“. Supposedly, 99.9% of the users are protected from spies, pervs, or whatnot. The issue still exists for Java, SilverLight, DHTML games and applications though. For details on this I gladly refer to ha.ckers.org.

Get the TNW newsletter

Get the most important tech news in your inbox each week.