Categories
fitm research security

Technical Report: Friend-in-the-Middle (FITM) Attacks

Abstract. In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social-phishing. We prove the feasibility of our attack exemplarily on Facebook and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.

FITM_TR0710

http://fitm.nysos.net

FITM Attacks (Image by http://www.flickr.com/photos/donsolo/)

This work is licensed under a Creative Commons Attribution 4.0 International License.

One reply on “Technical Report: Friend-in-the-Middle (FITM) Attacks”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.