Chapter 6: Social Networking: Associated Risks and Solutions


Social network services are of three types.

  • Socializing Social Network Services: These services are used to socialize with existing friends, for example Facebook.
  • Networking Social Network Services: These services are used for non-social interpersonal communication, for example LinkedIn.
  • Social Navigation Social Network Services: These services are used for helping users to find specific information or resources, for example Goodreads for books.

 

Why Is Social Networking So Popular?

  • Worldwide connectivity
  • Commonality of interest
  • Real-time information sharing
  • Targeted advertising
  • Increased news cycle speed
  • Job hunting


What is a Profile?

A user profile can contain the following information:

  • Name or nickname
  • Contact number
  • Email address 
  • Workplace
  • Educational background
  • Marital status
  • Cover photo
  • Photos and videos
  • Friends list
  • Groups
  • Communities
  • Personal interests


Social Networking Security Threats

Phishing

Phishing is the practice of obtaining private information in a fraudulent manner. Phishing emails are legitimate-looking emails that make the user believe in them. An email may appear under the name of a trustworthy company or website, requesting you to update your information. Social networking websites contain users' archived messages, interests, hobbies, etc. Fraudsters may use this information to fool users by sending attractive emails that match their interests and making them believe the emails are authentic.

Identity Theft

Identity theft occurs when an imposter uses a person's personal identification information for personal use, exploitation and illegal activities. In this attack, the hacker collects the user's information from social networking sites, such as name, photo, date of birth, contact number and email address, and uses it to commit crimes.

Some actions that can put you at risk of identity theft are:
1. Using weak privacy or no privacy settings.
2. Accepting invitations to connect from unfamiliar persons or contacts.
3. Downloading free applications for use on your profile.
4. Giving your password or other account details to people you know.
5. Participating in quizzes (e.g. How well do you know me?) which may require you to divulge a lot of personal information.
6. Clicking on links that lead you to other websites, even if the link was sent to you by a friend or posted on your friend's profile page.
7. Falling for email scams (phishing) that ask you to update your social networking profiles.

Malware

Malware refers to malicious code or programs that attackers develop to harm or damage a user's security. The imposters aim to install malware on the user's machine. For this purpose, they make use of spam mails or mails with false attachments. Attackers observe the user's activities and hide malware in the form of links. When the user unknowingly clicks such links, the malware gets downloaded automatically onto the user's computer.

Site Flaws

Errors and bugs in social networking sites offer attackers a chance to access user information, even when all privacy settings are applied. Attackers take advantage of such flaws to the fullest. Site flaws also enable attackers to track transmitted packets and modify them during transmission and propagation, to perform injection attacks and to create backdoors to the social sites. A backdoor is a technique in which a system's security mechanism is bypassed without detection to access computer data.

URL Spoofing

URL spoofing is the act of misleading a user to a different website by sending a legitimate-looking URL that is in fact false or forged. The spoofed URL looks exactly like the original URL or website. When clicked, such URLs redirect users to malicious websites. URL spoofing is performed to commit cyber crime, such as phishing, identity theft and various scams. The forged URL is sent to as many target victims as possible.
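A link can be checked for the common signs of a forged URL before it is opened. The following is an added example, not part of the original chapter; the trusted-site list, the function names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the user really intends to visit (assumption).
TRUSTED = ("facebook.com", "linkedin.com", "goodreads.com")

def on_trusted_site(host, trusted=TRUSTED):
    """True when host is a trusted domain or one of its subdomains."""
    return any(host == t or host.endswith("." + t) for t in trusted)

def spoof_indicators(url, trusted=TRUSTED):
    """Return the reasons a link looks forged; an empty list means none were found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not served over https")
    # In "https://facebook.com@evil.example/" the text before '@' is only userinfo.
    if parts.username is not None:
        reasons.append("userinfo before '@' disguises the real host")
    # Non-ASCII or punycode (xn--) labels can render as look-alike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        reasons.append("internationalized host name, possible look-alike")
    if not on_trusted_site(host, trusted):
        reasons.append("host is not a trusted site")
        # A trusted brand used as a mere label of someone else's domain.
        for t in trusted:
            if t.split(".")[0] in host:
                reasons.append(f"'{t}' appears in the name but the site is '{host}'")
    return reasons

# Constructed sample links, as they might appear in a message or post.
SAMPLES = [
    "https://www.facebook.com/profile",
    "https://facebook.com@evil.example/login",
    "https://facebook.com.evil.example/login",
    "https://f\u0430cebook.com/login",  # Cyrillic letter in place of Latin 'a'
    "http://linkedin.com/jobs",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", spoof_indicators(link) or "no indicators")
```

An empty result only means none of these specific signs were present; it does not prove the link is genuine.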


Clickjacking

Clickjacking is the attempt to hide malicious programs in the garb of legitimate buttons or links. The main aim is to trick the user into clicking these links or buttons, which triggers the download of a hidden malicious program and thereby allows the attacker to access the computer. Clickjacking is also known as User Interface Redress attack, UI Redress attack or UI Redressing.

Social Engineering

Social engineering is the practice of convincing people to reveal confidential information about themselves, friends, relatives or colleagues. It involves human interaction and fooling people into breaking security procedures. Attackers gain the trust of the victim or the victim's family or friends and manipulate them so that the required information is revealed.

Social engineering has two approaches:

  • Direct Approach: In this approach, the imposter directly convinces the victim in order to steal information by means of phishing.
  • Indirect Approach: In this approach, direct participation of the victim does not happen. The attacker gains information through the victim's relatives or friends.

Exploring Geotagging

Geotagging is the method of adding geographical metadata to various media such as images, videos, websites, SMS messages, QR codes or smartphone transmissions. The data usually consists of coordinates such as latitude and longitude, and sometimes may even include the name of the place, distance and altitude. Geotagging is commonly used for photographs and can provide a lot of information about the photograph, such as where the picture was taken, at what time and the exact location.

People mostly use smartphones that have Global Positioning System (GPS) or location-specific services, which come in handy while using various apps. Apps for booking cabs, ordering food or finding a lost phone use location-specific services. Also, the camera app of the phone uses the geotagging service to record the location of the photograph taken. Some high-end phones have built-in GPS which automatically geotags any photo taken.
