We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

IE exploit can track mouse cursor - even when you're not in IE

A vulnerability affecting Internet Explorer versions 6 through 10 could make it possible for a hacker to monitor the movements of your mouse, even if the browser window is minimized.

MORE SECURITY: With BYOD, data breaches just waiting to happen

According to UK-based web analytics firm Spider.io, this means that passwords and PINs could be captured by a canny thief if they are typed on a virtual (on-screen) keyboard. What's more, it's already being exploited by two display advertising networks, the company said, though it did not name them in its statement.

"As long as the page with the exploitative advertiser's ad stays open - even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer - your mouse cursor can be tracked across your entire display," Spider.io said.

The company added that, while the problem has been acknowledged by the Microsoft Security Research Center, there are apparently no immediate plans for a patch.

Spider.io also published the technical details of the exploit, which involves the browser's global Event object, as well as a game demonstrating how it could be used to monitor user input to a virtual keyboard.

"Internet Explorer's event model populates the global Event object with some attributes relating to mouse events, even in situations where it should not. Combined with the ability to trigger events manually using the fireEvent() method, this allows JavaScript in any webpage (or in any iframe within any webpage) to poll for the position of the mouse cursor anywhere on the screen and at any time," the company said.

Email Jon Gold at [email protected] and follow him on Twitter at @NWWJonGold.

Read more about wide area network in Network World's Wide Area Network section.


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite