It may be in your best interest to avoid using virtual keyboards or keypads if you use Internet Explorer.
Web analytics firm, Spider.io discovered a security flaw within Microsoft’s Internet Explorer that can result in cursor movement being tracked as long as the browser window is open.
No software has to be downloaded or executed by the end-user, and it doesn’t matter if the browser window is minimized, unfocused or inactive. All the attacker has to do is buy an advertisement slot on a webpage that you happen to visit using good ol’ IE. As long as you keep that page open, your mouse can be tracked across your entire display – not just within the confines of Internet Explorer.
So what’s the problem?
This vulnerability opens up the possibility of collecting data keyed into virtual keyboards and keypads, which are sometimes used to reduce the chances of keystrokes being captured via keylogging software.
A video demonstration of the vulnerability is available, and you can try the exploit out for yourself by visiting this link using Internet Explorer: http://iedataleak.spider.io/demo
Spider.io disclosed the vulnerability to Microsoft back on October 1st, 2012. Microsoft confirmed the bug, but didn’t seem all that interested in fixing it. Spider.io then released the details of the exploit to the public in hopes of spreading user awareness and getting Microsoft to releasing a fix. At least two [unnamed] ad analytics companies are said to be exploiting the bug to their advantage, so let's hope Microsoft addresses the vulnerability before the bad guys start using it too.
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+