Skip to main content
SpringerLink
Log in

A Novel Technique for Defeating Virtual Keyboards - Exploiting Insecure Features of Modern Browsers

  • Conference paper
Advances in Computing and Communications (ACC 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 191))

Included in the following conference series:

  • 1413 Accesses

Abstract

Advancement in technology is a necessity of time, but as new techniques are introduced, new security vulnerabilities are discovered and exploited in practice. In this paper we are presenting a new approach to defeat virtual keyboards using a new method for capturing parts of a browser screen. The page rendered in the browser is captured by using the canvas element provided by HTML5. We have specified the technical details of how this functionality is exploited and created a malicious extension for Mozilla Firefox browser. This extension captures screenshots of web pages rendered in the browser and sends them to a remote server. In addition, we have suggested mitigation strategies to prevent misuse of such browser functionalities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Banking Trojan Captures User’s Screen in Video Clip, Hispasec/VirusTotal (September 05, 2006), http://www.hispasec.com/laboratorio/banking_trojan_capture_video_clip.pdf

  2. New technique against virtual keyboards, Hispasec/VirusTotal, Hispasec / VirusTotal (September 26, 2006), http://www.hispasec.com/laboratorio/New_technique_against_virtual_keyboards.pdf

  3. Debasis Mohanty: Defeating Virtual Keyboard Protection, http://www.coffeeandsecurity.com/resources/papers/defeat-vk.pdf

  4. Cracking On-Screen Keyboards with Visual Keyloggers, http://mrooney.blogspot.com/2009/02/cracking-on-screen-keyboards-with.html

  5. Virtual Keyboard and the Fight Against Keyloggers, http://palisade.plynt.com/issues/2009Feb/fight-against-keyloggers/

  6. W32/Dumaru, http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=100980

  7. Screenshot, http://en.wikipedia.org/wiki/Screenshot

  8. Trusteer Rapport, http://www.trusteer.com/product/trusteer-rapport

  9. SnoopFree Privacy Shield, http://www.snoopfree.com/

  10. HTML5 Canvas, http://diveintohtml5.org/canvas.html

  11. Canvas Tutorial, https://developer.mozilla.org/en/canvas_tutorial

  12. Basic Usage of Canvas Element, https://developer.mozilla.org/en/Canvas_tutorial/Basic_usage

  13. Drawing Graphics with Canvas, https://developer.mozilla.org/en/drawing_graphics_with_canvas

  14. HTMLCanvasElement, https://developer.mozilla.org/en/DOM/HTMLCanvasElement

  15. OnHacks Firefox Malware Tutorial, http://onhacks.org/lang/en/2009/02/11/firefox-malware-tutorial-1/

  16. nsIDOMHTMLCanvasElement interface, http://www.oxymoronical.com/experiments/xpcomref/applications/Firefox/3.5/interfaces/nsIDOMHTMLCanvasElement

  17. nsIDOMCanvasRenderingContext2D, https://developer.mozilla.org/en/XPCOM_Interface_Reference/nsIDOMCanvasRenderingContext2D

Download references

Author information

Authors and Affiliations

  1. Information Security Research Lab, Department of Computer Science and Engineering, National Institute of Technology Karnataka, Surathkal, India

    Tanusha S. Nadkarni, Radhesh Mohandas & Alwyn R. Pais

Authors
  1. Tanusha S. Nadkarni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Radhesh Mohandas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alwyn R. Pais
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Machine Intelligence Research Labs (MIR Labs), Auburn, 98071-2259, Washington, USA

    Ajith Abraham

  2. Departamento de Comunicaciones, Universidad Politcnica de Valencia, 46071, Valencia, Spain

    Jaime Lloret Mauri

  3. Avaya Labs Research, Basking Ridge, NJ, USA

    John F. Buford

  4. University of Massachusetts, 100 Morrissey Blvd., 02125-3393, Boston, MA, USA

    Junichi Suzuki

  5. Rajagiri School of Engineering and Technology, Rajagiri Valley, Kakkanad, 682 039, Kochi, India

    Sabu M. Thampi

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nadkarni, T.S., Mohandas, R., Pais, A.R. (2011). A Novel Technique for Defeating Virtual Keyboards - Exploiting Insecure Features of Modern Browsers. In: Abraham, A., Lloret Mauri, J., Buford, J.F., Suzuki, J., Thampi, S.M. (eds) Advances in Computing and Communications. ACC 2011. Communications in Computer and Information Science, vol 191. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22714-1_71

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22714-1_71

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22713-4

  • Online ISBN: 978-3-642-22714-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation