DoubleClickjacking: A New type of web hacking technique

(www.paulosyibelo.com)

134 points shinzub | 1 comments | 14 Jan 25 04:44 UTC | HN request time: 0.199s | source

Show context

maxrmk ◴[17 Jan 25 19:52 UTC] No.42742521[source]▶

This is clever, and I got a good laugh out of their example video. The demo UI of "Double click here" isn't very convincing - I bet there's a version of this that gets people to double click consistently though.

replies(3): >>42743385 #>>42743421 #>>42744773 #

bee_rider ◴[17 Jan 25 21:21 UTC] No.42743385[source]▶

>>42742521 #

Hmm. I guess it is never impossible that there’s a version of something that will trick people consistently. But, I’m kinda struggling to recall a time I’ve needed to double click on a website.

Actually the double-click action is pretty rare nowadays, right? In particular, I use it a lot to select a word in a terminal, but most of the time when I am getting UI instructions it is from a website about how to use the website itself, and since that’s a website it has to be abstract enough to also make sense for mobile users.

Telling people to double click is, I think, mostly dead.

replies(4): >>42743440 #>>42743495 #>>42743843 #>>42744539 #

1. chatmasta ◴[17 Jan 25 21:25 UTC] No.42743440[source]▶

>>42743385 #

It doesn’t need to be a literal double click. It could be something like a CAPTCHA “confirm you’re human,” where you click once, it appears to load, and then you click a confirm button. Do it fast enough and it might appear like a double click.

Not sure this would work with the exploit though.

↑