Could the technology envisioned in a newly-published patent application by Apple take a bite out of malicious Web sites?
Apple has cooked up a novel way to thwart cybercriminals who serve up malware via spoofed Web pages.
A patent application called "Graphical user interface element incorporating real-time environment data" published Thursday by the US Patent and Trademark Office describes a method to automatically update your browser's interface in real time. Okay, so how would that impede Web page spoofers?
To trick people into visiting malicious Web sites, the bad guys can mimic or spoof parts of your browser's GUI (graphical user interface). Clicking on a link or entering log-in credentials on one of these spoofed pages can then direct you to a malware-hosting page or one where you're prompted to enter personal information.
Apple's invention would use your device's camera, microphone, or on-board sensors to constantly update the browser's interface without you having to do anything. Since these real-time updates would be generated locally by your device, they couldn't be spoofed, which means your browser's interface should be safe and secure.
The technology itself could be used in desktops, laptops, phones, and tablets, according to Apple. The patent application describes the invention in the usual technical terms:
A graphical user interface element incorporates real-time environment data from the user's environment. For example, a live video image captured by a local camera can be incorporated into the GUI, e.g., in a background region of a GUI element such as a menu bar. Front-facing (or rear-facing) camera images can be used to create a reflective (or translucent) effect. Color changes can reflect changes in ambient lighting. GUI elements can also be modified based on other real-time environment data, such as audio. The incorporation of real-time environment data into a user interface element for an application provides protection against spoofing of that element.
As always, a patent application simply describes a concept, so there's no guarantee this anti-spoofing technology will end up in your own browser. But as malware distributors get more clever, the tech industry needs to find new and more innovative ways to fight back.