Hackers exploit widget security holes

Powered by SC Magazine
 

New attacks that exploit widgets and gadgets are imminent, according to the latest Web Security Trends Report from Finjan.

Widgets are small applets that usually run in a web browser or on the desktop and provide a specific function such as weather reports or stock updates.

The technology is used as a way to personalise a desktop or webpage to provide the information users want.

Finjan's Malicious Code Research Centre has studied changing trends in attacks used by hackers to gain information or control of a user's PC.

Following current trends, the company's researchers predict that the increasing use of widgets is exposing computer users to a whole host of attacks.

All types of widget environments, including operating systems, third-party applications and web widgets, have inadequate security models that could allow malicious widgets to run.

The potential scale of the problem is highlighted by the fact that there are already around 3,720 widgets available on Google, 3,197 on Apple and 3,959 on Facebook.

The Finjan research suggests that attacks that exploit the insecurities of widgets are imminent, and that a revised security model should be explored to protect users.

"As widgets become common in most modern computing environments their significance from a security standpoint rises," said Yuval Ben-Itzhak, chief technology officer at Finjan.

"Vulnerabilities in widgets and gadgets enable attackers to gain control of user machines, and should be developed with security in mind.

"This attack vector could have a major impact on the industry, exposing corporations to new security considerations that need to be dealt with."

Finjan recommends that users refrain from using non-trusted third-party widgets, just as they would with full-blown applications.

Extra caution should also be taken when using interactive widgets that rely on external feeds such as RSS, which may be susceptible to attacks that exploit this trust by piggybacking a malicious payload on such data.

Copyright ©v3.co.uk

