IE mouse-tracking flaw allows anyone to steal passwords
By Stewart Mitchell
Posted on 13 Dec 2012 at 10:32
Security experts have revealed a flaw in Internet Explorer – versions 6 to 10 – than means attackers could trace mouse movements.
According to analytics company Spider.io, the vulnerability is a significant threat because it allows malicious parties to read entries entered via on-screen keyboards and keypads.
Virtual keypads are used as a security measure when signing into services such as online banking in a bid to thwart keystroke logging attacks.
According to Spider.io, the attack requires no serious hacking tools, nor for the browser to download any malware, because it can be employed via online ads.
The vulnerability is already being exploited by at least two display ad analytics companies across billions of page impressions per month
"An attacker can get access to your mouse movements simply by buying a display ad slot on any webpage you visit - this is not restricted to low-brow porn and file-sharing sites," the company warned.
"Through today’s ad exchanges, any site from YouTube to the New York Times is a possible attack vector. Indeed, the vulnerability is already being exploited by at least two display ad analytics companies."
Spider.io notified Microsoft of the flaw in October, but it isn't planning to immediately fix the problem, which is why the analytics firm has taken it public.
"It is important for users of Internet Explorer to be made aware of this vulnerability and its implications - the vulnerability is already being exploited by at least two display ad analytics companies across billions of page impressions per month," Spider.io said in a blog post
- Adobe Dreamweaver CC review: first look
- Huawei Ascend P6 review: first look
- Adobe Illustrator CC review: first look
- Let MPs tell us what they really want ISPs to block
- Adobe Photoshop CC review: first look
- WWDC 2013 and iOS 7 launch: live blog
- Sony VAIO Pro review: first look
- Want child porn blocked? Meet the IWF
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Google two-step verification: a must for business email
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?