Isle of Man-based Xplosion used a practice known as "clickjacking" in which popup ads or play buttons hide subscription charges.
In a practice known as "clickjacking" which uses pop-up ads or play buttons to hide subscription costs, users were charged up to £9.50 a week for adult videos, quizzes and competitions on their mobiles.
Isle of Man-based Xplosion used a practice known as "clickjacking" in which pop-up ads or play buttons hide subscription charges.
Participants used various attack methods to exploit vulnerabilities in web applications such as cross site scripting, SQL injection, forced browsing, privilege escalation, cross site request forgery, clickjacking, session hijacking, and resetting passwords (Chu et al., 2009).
"WAP billing can be particularly vulnerable to so-called 'clickjacking' as it has a one-click feature that requires no user authorization.
"The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app [with all permissions enabled], and silent phone unlocking [and] arbitrary actions [while keeping the screen off]," the researchers wrote.
Clickjacking: Simply put, this is a way of getting a victim to unknowingly click on things that benefit the hacker.