Publications in Scientific Journals:
M. Huber, M. Mulazzani, E. Weippl, G. Kitzler, S. Goluch:
"Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam";
IEEE Internet Computing,
Special Issue on Security and Privacy in Social Networks
In this work we present our friend-in-the-middle attacks on SNSs and how it can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social-phishing. We prove the feasibility of our attack exemplary on Facebook and estimate the impact based upon a simulation on a regional network of Facebook. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.
Electronic version of the publication:
Created from the Publication Database of the Vienna University of Technology.