Sirvi Autor "Kasenurm, Johanna" järgi
Nüüd näidatakse 1 - 1 1
- Tulemused lehekülje kohta
- Sorteerimisvalikud
listelement.badge.dso-type Kirje , Web eID Authentication Window Spoofing Proof-of-Concept(Tartu Ülikool, 2025) Kasenurm, Johanna; Paršovs, Arnis, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituutPhishing attacks are among the most common and effective ways to steal users' data as they manipulate users and exploit people's inattention and ignorance. The widespread use of the Web eID authentication solution makes it an important target for phishing attacks from a cybersecurity perspective. The picture-in-picture attack is a comparatively little-known attack executed in a browser environment. It represents a more sophisticated attack tactic that creates a fake pop-up window using various technical means that mimic a genuine browser or application window, but is entirely under the attacker's control. Similar tactics could be used against the Web eID authentication solution. This thesis aims to study the feasibility and effectiveness of a picture-in-picture attack against the Web eID authentication window to evaluate the security risk posed by this phishing attack. For this purpose, the bachelor's thesis aimed to create a web application demonstrating the picture-in-picture phishing attack against the Web eID authentication window, aiming to obtain the user’s PIN1. A user study was conducted to test the effectiveness of the created proof-of-concept implementation. The results show that only two out of ten participants could detect the attack. This proves that a picture-in-picture attack against the Web eID authentication window can be very effective in practice.