Technical Report: Friend-in-the-Middle (FITM) Attacks

Posted: July 14th, 2010 | Filed under: fitm, research, security

Abstract. In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing attacks has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social phishing. We prove the feasibility of our attack using Facebook as an example and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.

FITM_TR0710

http://fitm.nysos.net

FITM Attacks (Image by http://www.flickr.com/photos/donsolo/)

This work is licensed under a Creative Commons Attribution 4.0 International License.

