Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam

M. Huber, M. Mulazzani, E. Weippl, G. Kitzler, S. Goluch:
"Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam";
IEEE Internet Computing,Special Issue on Security and Privacy in Social Networks(2011).

[ Publication Database ]


In this work we present our friend-in-the-middle attacks on SNSs and how it can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social-phishing. We prove the feasibility of our attack exemplary on Facebook and estimate the impact based upon a simulation on a regional network of Facebook. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.