Social Networks Evil Twin Attacks
What will happen if someone impersonates you on a social network? Will that person be able to fool your friends and so gain access to resources that only you are entitled to? Or are social networks protected well enough to guarantee the credibility of their participants?
Introduction to Social Networks Evil Twin Attacks
Let's have a look at a social network like LinkedIn. For those of you who don't know what LinkedIn is, let me say that it is probably the largest professional social network available today. Once you give information about your place of work and the education centers you used to attend, LinkedIn will try its best to hook you up with everyone else who has been associated with your employer, university, etc. The benefit is obvious: you keep in touch with people who may help you in the future. However, nothing stops someone from registering an account in the name of John Dawson, a reputable IT security expert, currently employed by HSBC, Canary Wharf, London. If the evil twin of John Dawson inhabits LinkedIn, how many people will trust that shady persona and as such be fooled into one of the biggest scams? I find this question very interesting and quite fascinating.
The hack here is not technical but rather psychological and definitely of a social nature. Remember, hacking could be considered the act of outsmarting others, and as such it may take any form. Fooling people's beliefs is an important craft that has been with us since the dawn of humanity, yet we often fail to acknowledge its effectiveness. This is what Evil Twin attacks are all about. From a WiFi security perspective, the evil twin is the rogue access point that pretends to be a friendly network. From the social networks' point of view, the evil twin is a hacker or a bot disguising itself as the real person.
Social Networks Evil Twin Attacks work both ways. First, the impersonator will be given the chance to trick the victim's current friends into a trap. Second, he will also trick into a trap the people who try to contact the real person along the way. Therefore, if the evil John Dawson is approached by someone who is looking for work in his sector, he will be in a very comfortable position to gain inside insight into that person's company, as people very often tend to serve up juicy information during the interviewing process.
Social networks are a huge threat, whether you realize it or not. The bad guys are not restricted in the types of tools they use for their malicious activities the way whitehats are, as this seems to be part of technical eliteness. The bad guys will break into the targeted network by any means necessary. This includes fooling people, lying and cheating on their way towards their goal.
This post is kept fairly light as it is a raw idea which hasn't been materialized into any form, but nevertheless it is important to consider, especially today, when we are surrounded by the Social Networks phenomenon. The whole idea of this post is to introduce you to a concept which you may or may not have already given any thought to.