If you use Internet Explorer versions 6-10 as your primary browser and make online transactions using your credit/debit cards or online banking accounts, then you should read this very carefully.
The web analytics company spider.io has discovered that it was possible to track your mouse cursor movement for Internet Explorer versions 6-10 anywhere on the screen, even if your IE tab was minimized which poses a direct threat to your sensitive data including your online transaction passwords.
Here’s why this is disturbing news.
Many online transactions require entering a password to access your account info or even to make online payments. A popular method adopted by novice hackers is that of – keystroke logging or keylogging. The attacker uses a keylogger software to track the keystrokes that you make while entering your data. For this reason many of the modern websites and payment gateways encourage their users to use virtual keyboards and keypads as they reduce the risk of keylogging. To cut the long story short you use your mouse to enter the information on the virtual keyboards protecting you from becoming a victim of keylogging attacks.
But now with this vulnerability exposed in a browser which is among the most popular in the world the hacking community would probably be licking their left-clicks, surely many of you reading this post would be using an IE.
What makes this vulnerability even more dangerous is that even if IE is the only internet software installed on your machine and you have never downloaded or installed any suspicious software, you are still at risk. All that a hacker needs to do is simply buy a display advertising placeholder on any website/webpage of your interest and as long as you keep the tab displaying that ad open, mouse movements can be tracked.
Wired UK reports that the company has already notified Microsoft about the vulnerability back in October but software giant’s Security Research Centre has said that they have no immediate plans to fix the issue. The analytics company goes on to state that many web analytics companies have already taken advantage of this vulnerability.
Well if that’s the case then I am pretty sure hackers around the world would have already found some use for this exploitable piece of information, and MS should know that hackers don’t wait for such reports to be leaked to the media before they can plan an attack.
Security Tips For You:
- If you have been living under a rock for several years and are for some strange reason still using IE 6, then even Microsoft can’t help you, even they don’t recommend IE 6 anymore. Stop using it. Period.
- If you use IE 7-10 make sure you use the latest patch for it, go download one from microsoft.com.
- Best option – start using the latest version of Google Chrome or Mozilla Firefox, very much the best browsers out their in the market by a long shot.
Here is a video demo of the vulnerability. Better still, here is a try it yourself demo.
AttentionGrabber : Want to make your own little (harmless) keylogging program? keep watching this space for more.