Abstract
In this paper we present our novel friend injection attack, which exploits the fact that the great majority of social networking sites fail to protect the communication between their users and their services. In a practical evaluation based on public wireless access points, we furthermore demonstrate the feasibility of our attack. The friend injection attack enables a stealthy infiltration of social networks and thus outlines the devastating consequences of active eavesdropping attacks against social networking sites.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Huber, M., Mulazzani, M., Weippl, E. (2010). Who on Earth Is “Mr. Cypher”: Automated Friend Injection Attacks on Social Networking Sites. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds) Security and Privacy – Silver Linings in the Cloud. SEC 2010. IFIP Advances in Information and Communication Technology, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15257-3_8
DOI: https://doi.org/10.1007/978-3-642-15257-3_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15256-6
Online ISBN: 978-3-642-15257-3
eBook Packages: Computer Science (R0)