Security researcher Marek Tóth has identified that clickjacking is still a dangerous threat for everyone in the online world. Clickjacking, as defined by Kaspersky:
Clickjacking is an attack that tricks users into thinking they are clicking on one thing when in fact, they are clicking on something else. Essentially, unsuspecting users believe they are using a webpage’s usual user interface when in reality, attackers have imposed a hidden user interface instead. When users click on buttons they think are safe, the hidden user interface performs a different action. This can cause users to inadvertently download malware, provide credentials or sensitive information, visit malicious web pages, transfer money, or purchase products online.
The researcher tested 11 password managers that run as browser extensions:
- 1Password
- Bitwarden
- Dashlane
- Enpass
- iCloud Passwords
- Keeper
- LastPass
- LogMeOnce
- NordPass
- ProtonPass
- RoboForm
The main attack works like this: a user visits a malicious website that runs a script, and that script uses opacity settings, overlays, or pointer-events tricks to hide the autofill dropdown of the browser-based password manager. The criminals then overlay fake elements such as cookie banners and even CAPTCHAs on top of it. Once the user clicks on the hidden controls, the attackers obtain the user's sensitive information.
He also demonstrated that the hidden UI can follow the mouse cursor: no matter where the user positions it, the click still triggers the autofill. With this kind of attack, criminals can gain access to all stored passwords, credit cards, and personal data (including crypto).
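As an added example (my own code, not from Tóth's post or any password manager vendor), here is the kind of pre-click check an extension could run against the hiding tricks described above before honouring a click on its injected autofill dropdown. The element mock, the scenarios and the 0.9 opacity threshold are constructed assumptions so the logic runs outside a browser.

```javascript
// Added example, not code from Marek Tóth's post or any password-manager vendor.
// Pre-click check for an extension's injected autofill dropdown: flags the dropdown
// or an ancestor being made invisible (opacity/visibility/display) and a foreign
// element on top of the click point. getStyle stands in for window.getComputedStyle
// and topElementAt for document.elementFromPoint so the logic runs in Node.
const MIN_EFFECTIVE_OPACITY = 0.9; // assumed threshold; a real dropdown is opaque
// Multiply opacity up the ancestor chain; display:none / visibility:hidden anywhere hides it.
function effectiveOpacity(el, getStyle) {
  let opacity = 1;
  for (let node = el; node; node = node.parentElement) {
    const s = getStyle(node);
    if (s.display === 'none' || s.visibility === 'hidden') return 0;
    opacity *= Number(s.opacity ?? 1);
  }
  return opacity;
}
// Returns { ok, reason }; the extension should autofill only when ok is true.
function checkAutofillClick(dropdown, x, y, getStyle, topElementAt) {
  if (effectiveOpacity(dropdown, getStyle) < MIN_EFFECTIVE_OPACITY) {
    return { ok: false, reason: 'dropdown hidden by opacity/visibility' };
  }
  const top = topElementAt(x, y);
  if (top !== dropdown && !dropdown.contains(top)) {
    return { ok: false, reason: 'click point covered by another element' };
  }
  return { ok: true, reason: 'dropdown visible and on top' };
}
// Constructed stand-in for DOM elements so the scenarios run without a browser.
function makeEl(style, parentElement = null) {
  const el = { style, parentElement };
  el.contains = (o) => { for (let n = o; n; n = n.parentElement) if (n === el) return true; return false; };
  return el;
}
const getStyle = (el) => el.style, body = makeEl({});
// Scenario 1: the page wraps the dropdown in an opacity:0 container (hidden UI).
function demoHiddenDropdown() {
  const dropdown = makeEl({ opacity: '1' }, makeEl({ opacity: '0' }, body));
  return checkAutofillClick(dropdown, 100, 100, getStyle, () => dropdown);
}
// Scenario 2: the dropdown is opaque but a fake cookie banner sits on top of it.
function demoCoveredDropdown() {
  const dropdown = makeEl({ opacity: '1' }, body), banner = makeEl({}, body);
  return checkAutofillClick(dropdown, 100, 100, getStyle, () => banner);
}
// Scenario 3: honest click on an entry inside a visible dropdown.
function demoHonestClick() {
  const dropdown = makeEl({}, body), item = makeEl({}, dropdown);
  return checkAutofillClick(dropdown, 100, 100, getStyle, () => item);
}
```

An overlay styled with pointer-events:none is skipped by browser hit-testing, so elementFromPoint would not report it; catching that variant needs a separate bounding-box comparison that this example does not include.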
He terms it Document Object Model (DOM)-based extension clickjacking:
https://marektoth.com/blog/dom-based-extension-clickjacking/
Even after this disclosure, most of the password managers remain vulnerable. As Marek said, when he reached out to them, they never responded. So this is still a very serious flaw in their systems, and hopefully it will be patched soon. Most of us have probably used one or two of these password managers because we think we are safe with them.