Facebook security and privacy pitfalls
by Mirko Zorz - Wednesday, 12 March 2014.
In this interview, Andrei Serbanoiu, Online Threats Researcher at Bitdefender, discusses Facebook security and privacy pitfalls, the dangers of sharing on the social network, and offers insight for CISOs.

What are Facebook's most significant security and privacy pitfalls and how do cybercriminals take advantage of them?

The most significant security pitfalls on Facebook are the open settings of personal information (public by default) and the trusted environment that allows scams to be posted at a really fast pace from one timeline to another.

In recent years, we've noticed an increasing number of fake profiles spreading malicious and fraudulent links on the social network. If a bogus profile is eventually taken down, scammers are able to create a new one in a matter of seconds; the same situation goes with dangerous websites and scams. Just a couple of days ago, Britons and users worldwide got infected on Facebook with a Trojan replicated on 6,000 different websites due to a scam that lured users with fake videos of their friends naked.

Our recent research also showed a migration towards Facebook sponsored ads. As they are encapsulated inside a trustworthy environment and have become part of the social network, more users are likely to fall for suspicious ads than for a general spam message. These adverts are hard to control by the social network due to the design of the platform that allows the creators of third-party applications to use whatever ad network they consider fit.

Is it more dangerous to over-share on Facebook today than it was a few years ago?

Over-sharing on Facebook today is more dangerous than a few years ago because users now tend to share personal information on different websites and social networks at the same time.

Malware creators now have a variety of cyber-crime tools at hand. From people search engines to real-time databases of companies, employees and interests, pictures and geo-locations harvested through "innocent" Android apps, hackers have a range of weapons at their disposal to use against users and enterprises.

Besides the complexity of the cybercrime tools that may be used for targeted attacks, hackers also take advantage of the increasing number of unwary Facebook users who over-share private details. There are cases where users shared pictures of their new passports without blurring any detail. Over-sharing not only helps social media advertisers but also allows cyber-criminals to better pick their targets for precise and successful campaigns.

Facebook has a very comprehensive list of targeting options that range from certain age groups, to specific geographical areas, education groups or even specific interests (in a company or a domain). This allows for a very precise targeting of persons exposed to the message, unlike the very coarse one used in traditional spam-based advertising.

Over-sharing itself is encapsulated in the social network's policy, which exposes non-savvy users to its open privacy settings, including an open profile and pictures and private information being made public by default. The recent launch of the Graph Search feature also helped scammers take advantage of the increasing over-sharing of information. Only security-conscious users rushed to lock down their privacy settings to keep personal details away from intruders. Graph Search allows everyone to find old posts, status updates and every comment, photo caption and check-in users have ever posted on the platform since opening an account.

