Hackers exploit widget security holes

Powered by SC Magazine
 

New attacks that exploit widgets and gadgets are imminent, according to the latest Web Security Trends Report from Finjan.

Widgets are small applets that usually run in a web browser or on the desktop and provide a specific function such as weather reports or stock updates.

The technology is used as a way to personalise a desktop or webpage to provide the information users want.

Finjan's Malicious Code Research Centre has studied changing trends in attacks used by hackers to gain information or control of a user's PC.

Following current trends, the company's researchers predict that the increasing use of widgets is exposing computer users to a whole host of attacks.

All types of widget environments, including operating systems, third-party applications and web widgets, have inadequate security models that could allow malicious widgets to run.

The potential scale of the problem is highlighted by the fact that there are already around 3,720 widgets already available on Google, 3,197 on Apple and 3,959 on Facebook.

The Finjan research suggests that attacks that exploit the insecurities of widgets are imminent, and that a revised security model should be explored to protect users.

"As widgets become common in most modern computing environments their significance from a security standpoint rises," said Yuval Ben-Itzhak, chief technology officer at Finjan.

"Vulnerabilities in widgets and gadgets enable attackers to gain control of user machines, and should be developed with security in mind.

"This attack vector could have a major impact on the industry, exposing corporations to new security considerations that need to be dealt with."

Finjan recommends that users refrain from using non-trusted third party widgets, just as they would do with full blown applications.

Extra caution should also be taken when using interactive widgets that rely on external feeds such as RSS which may be susceptible to attacks that exploit this trust by piggybacking a malicious payload on such data.

Copyright ©v3.co.uk


Hackers exploit widget security holes
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1792

Vote
Do you support the abolition of the Office of the Information Commissioner?