Academic
Publications
Friend-in-the-middle Attacks

Friend-in-the-middle Attacks,Markus Huber,Martin Mulazzani,Edgar Weippl,Gerhard Kitzler,Sigrun Goluch

Friend-in-the-middle Attacks  
BibTex | RIS | RefWorks Download
In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as ``spam'') and phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social-phishing. We prove the feasibility of our attack exemplarily on Facebook and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.
Published in 2010.
Cumulative Annual