While this isn’t necessarily a vulnerability that could cause problems for the average user, those that make use of virtual keyboards – perhaps those with physical disabilities – are at risk thanks to a vulnerability in the Internet Explorer browser, making it possible for a nefarious few to track mouse movements.
Another group that could potentially be affected by this bug are those that use virtual keyboards as a way of entering passwords and sensitive information that would otherwise be picked up by a keylogger. However, it seems unlikely that anyone that security concious would be using IE in the first place.
The most worrying part of this vulnerability is that it doesn’t require the installation of any software, it simply works right off the bat. If you’re feeling sceptical, pop open Internet Explorer now and go here: http://iedataleak.spider.io/demo. For those that would rather view a demonstration video, here you go:[yframe url=’http://www.youtube.com/watch?v=qxUa2VWnE8A’]
Picked up by analytics firm, Spider.io, the tracking bug has now been confirmed publicly by Microsoft, though the pair have known about it since October. A fix is apparently in the works, but considering this vulnerability works on all IE versions 6 through 10, users should be especially careful.
When speaking with Wired, Spider.io explained that its system monitors browser optimisations, to discover what part of a page is in view. Because IE uses geometrics relative to page position to determine mouse location, the firm were able to abuse this to track the mouse pointer.
KitGuru Says: Just be wary of this one guys. It’s unlikely to lead to anything too malicious, but it’s a vulnerability nonetheless.