Abstract. In this work we present our friend-in-the-middle attacks on SNSs and show how they can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as
context-aware spam and social-phishing. We prove the feasibility of our attack using Facebook as an example
and estimate the impact based upon a simulation on a regional network of Facebook. Alarmingly, all
major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.

@article{huber2011friend,
  author    = {Markus Huber and Martin Mulazzani and Gerhard Kitzler and Sigrun Goluch and Edgar Weippl},
  title     = {Friend-in-the-Middle Attacks: Exploiting Social Networking Sites for Spam},
  journal   = {IEEE Internet Computing},
  volume    = {15},
  issn      = {1089-7801},
  year      = {2011},
  pages     = {28-34},
  doi       = {http://doi.ieeecomputersociety.org/10.1109/MIC.2011.24},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
  url       = {http://dl.dropbox.com/u/571550/preprints/FITM_InternetComputing_preprint.pdf}
}

Markus Huber, Martin Mulazzani, Edgar Weippl, Gerhard Kitzler, Sigrun Goluch. CCS '10 Proceedings of the 17th ACM conference on Computer and communications security, 2010