Technical Report: Friend-in-the-Middle (FITM) Attacks

Posted: July 14th, 2010 | Filed under: fitm, research, security

Abstract. In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing attempts has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social phishing. We prove the feasibility of our attack using Facebook as an example and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.



This work is licensed under a Creative Commons Attribution 4.0 International License.
