Hackers exploit widget security holes

Powered by SC Magazine

New attacks that exploit widgets and gadgets are imminent, according to the latest Web Security Trends Report from Finjan.

Widgets are small applets that usually run in a web browser or on the desktop and provide a specific function such as weather reports or stock updates.

The technology is used as a way to personalise a desktop or webpage to provide the information users want.

Finjan's Malicious Code Research Centre has studied changing trends in attacks used by hackers to gain information or control of a user's PC.

Following current trends, the company's researchers predict that the increasing use of widgets is exposing computer users to a whole host of attacks.

All types of widget environments, including operating systems, third-party applications and web widgets, have inadequate security models that could allow malicious widgets to run.

The potential scale of the problem is highlighted by the fact that there are already around 3,720 widgets already available on Google, 3,197 on Apple and 3,959 on Facebook.

The Finjan research suggests that attacks that exploit the insecurities of widgets are imminent, and that a revised security model should be explored to protect users.

"As widgets become common in most modern computing environments their significance from a security standpoint rises," said Yuval Ben-Itzhak, chief technology officer at Finjan.

"Vulnerabilities in widgets and gadgets enable attackers to gain control of user machines, and should be developed with security in mind.

"This attack vector could have a major impact on the industry, exposing corporations to new security considerations that need to be dealt with."

Finjan recommends that users refrain from using non-trusted third party widgets, just as they would do with full blown applications.

Extra caution should also be taken when using interactive widgets that rely on external feeds such as RSS which may be susceptible to attacks that exploit this trust by piggybacking a malicious payload on such data.

Copyright ©v3.co.uk

Hackers exploit widget security holes
Top Stories
Content, cost & constant innovation: How Foxtel plans to take on Netflix
Nell Payne inhabits the “brave new world of blue strings and networking”. Just don't ask her to put a TV screen on your microwave.
Sending in the drones
Margins are getting tighter in the industrial services industry, so Transfield Services' Stephen Phillips looks offshore - and to the skies - for the solutions he needs to keep pace.
Westpac fires starting pistol on core banking upgrade
St George readies itself for move to Celeriti.
Sign up to receive iTnews email bulletins
Latest Comments
Should Optus make a bid for iiNet?

   |   View results