Social Networking and its Application Security
Social networks have become an important part of our lives. We tweet the photos we click, every moment of happiness and sadness, and the news around us; we update our status when we start a relationship or end one; we share travel itineraries, hotel check-ins, movie moments and fun with friends. In fact, everything we do, every moment of our life, is open to the world we want to share it with. We play games with friends and make new friends.

This is the bright and beautiful side of social networking, for the following reasons:
- You get to meet your friends, make more and more friends.
- Be "cool" in your circle virtually
- Do things virtually that you can't in real life (farming, gambling, construction etc.)
- Makes you feel the world is small by connecting you to friends and relatives in any part of the world.

There are many reasons for the popularity of social networks and for their good impact on our life. Yet, as everything has its dark side, social networking is no exception.
Security Issues of Social Networking:
- Spam
- Scam
- Identity theft
- Malicious Apps
- Abuse of Trust
Why do they work?
Social networking sites are now the best place to find many people in a single place, which gives attackers a huge attack surface. People extend trust easily on social networking sites, after a mere chat and a look at a profile. Gaining that trust requires zero hacking skills. I would classify the reasons as:
- Greed
- Ignorance
- Fear
- Easy trust
- Curiosity

Social networking sites are also the best means of reconnaissance for any hacker: everyone's profile is online, with every detail needed to establish your identity or otherwise help the attacker. This, again, makes for very easy access to anyone's information.
Social networking sites have been a boon for social engineers. Consider the case of a popular American politician (not named here for various reasons; a simple Google search may help you find more information) whose email account was hacked using nothing more than information available online, which made news across the world media.
Reason?
The attackers used only information about her that was available online. Since she was a popular politician, information from sites like Google and Wikipedia was enough to answer the security questions on her email account. This calls into question the true reach of social engineering, which extends beyond the expected limits. Was being popular the reason the account was compromised, or was the account really insecure?
To answer this, let us understand what made the hack successful.
- The answers to the security questions were easily available online.
A security question is supposed to be about something personal to you, which only you know and no one else in the world does.
How am I, being a regular user, affected?
Everyone on a social network is affected in one way or another: either spam posted all over your wall on Facebook, or your profile posting all over your friends' walls without your notice. Most of it would be embarrassing to you or your friends.

Popular issues on Facebook
We have come across many spam issues right from the time we started using Orkut, from the "New colorful theme" spam to the "mobile recharge spam" of those years.

Spamming
And now new spamming techniques are in use. Recently, a spam that spread virally on Facebook installed an extension in the browser and posted on friends' walls without the user's consent. This is how it looked.

This spam looked like any other video shared on the wall. Because it used the name of the user on whose wall it was shared, the post looked genuine. However, clicking the link asks you to install a YouTube premium extension in your browser to view the video. This extension then carried out the spamming. Many were left confused about the cause and about how to stop this embarrassing spam from coming through their profile. Unable to find the reason it kept continuing, many believed their Facebook account had been hacked.
Applications
Many find the games and applications on Facebook interesting, while others are annoyed by the requests and posts from these applications. Applications and games on Facebook are not developed by Facebook (as is generally thought); rather, Facebook allows third-party developers to host their games and applications on it. This gives attackers a new base to attack from. Issues with applications on Facebook can be:
- Innumerable requests and notifications from your friends to join them using that application
- Possible Spam or Scam
- Possible Fraud.
Have you ever cared to look at the permissions you provide while using an application?

Have you ever noticed what information the application is going to extract from your profile? One survey claims that 85% of users don't bother to look at this permission request and grant those rights, either believing it to be a Facebook application or out of ignorance.
Other issues are addiction to these apps, and spending real money to gain extra access or unlock features in them that make no sense in our life.
It is quite possible that you have already installed many unwanted apps on your Facebook account; just look at your apps settings tab and I am sure it will surprise you!

An average Facebook profile is believed to have authorized 200 applications with various access rights.
How do I protect myself?
Always remember that your actions on a social networking site should never embarrass the people you are sharing with, or land you in such a situation yourself.
- Don't establish trust with any friend on social networking sites until you have made sure it is actually your friend.
- Read the permissions you grant while using an application on the site.
- Also make sure the application you are going to authorize is trusted.
- Never fall for free stuff unless it is from a valid source. For example, if a new Facebook theme were available, it would not come from a third party; rather, Facebook itself would announce the launch of new themes to its users.
- While viewing external links shared on the social networking site, make sure the URL is valid.
- In the case of a shared video, make sure the URL is youtube.com rather than believing the thumbnail it generates.
- If you look at the above snap, you can clearly see that the URL is www.youtube.com, and also notice the play button present there, unlike the spam post thumbnail shared earlier.
- Stay away from scams/spams that promise to provide some gift or money.
- Use add-ons like no-script, No-Ads to avoid such scripts.
- Always install extensions from known sources:
  o Chrome – from chrome store
  o Firefox – Mozilla add-ons
- Make sure you use these social networking sites over secured HTTPS.
- Share or post only information that doesn't affect you or anyone else.
- In fact, a simple thought of "what am I doing?" and "what effect will this have?" before every action online can save you from these security issues.
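
The link check from the list above, as an added example that is not part of the original article: it parses the link and compares the real host with youtube.com instead of trusting the thumbnail or the visible text. The function name, the allowed-host list, the HTTPS requirement and the sample links are assumptions made for illustration.

```javascript
// Added example: does a shared "video" link really point at YouTube?
// ALLOWED_VIDEO_HOSTS and the sample links are constructed for illustration.
const ALLOWED_VIDEO_HOSTS = ["youtube.com"];

function checkVideoLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies to a link
  } catch (e) {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  // Assumption: also require HTTPS, in line with the article's HTTPS advice.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://www.youtube.com@other.example/" puts the trusted name in the
  // userinfo part; the browser connects to the host after the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ is not the host" };
  }
  // hostname is already lower-cased, and look-alike Unicode names are
  // converted to their xn-- form, so they cannot equal the real domain.
  const host = url.hostname.replace(/\.$/, "");
  const trusted = ALLOWED_VIDEO_HOSTS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  return { ok: trusted, reason: "real host is " + host };
}

// Constructed sample links: one genuine, the rest look-alikes.
const SAMPLE_LINKS = [
  "https://www.youtube.com/watch?v=abc123",
  "https://youtube.com.video-premium.example/watch?v=abc123",
  "https://www.youtube.com@video-premium.example/watch",
  "https://notyoutube.com/watch?v=abc123",
  "http://www.youtube.com/watch?v=abc123",
];

for (const link of SAMPLE_LINKS) {
  const r = checkVideoLink(link);
  console.log((r.ok ? "OK     " : "REJECT ") + link + "  (" + r.reason + ")");
}
```

Only the first sample link is accepted; the others carry "youtube.com" somewhere in the text but resolve to a different host or use plain HTTP.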
Prajwal Panchmahalkar
Panchmahalkar@gmail.com
Twitter: @pr4jwal
Prajwal is a Senior Developer at Matriux, publishing articles for CHmag under "Matriux Vibhag" every month. Also a n|u Hyderabad chapter lead. Currently pursuing Masters from Texas Tech University, USA. A CEH v6 certified.