It's possible to elude Facebook's defences with software that poses as a human and has an account
The bots began by sending friend requests to random users, around 1 in 5 of whom accepted. They then sent requests to the friends of the people they had connected with, and the acceptance rate jumped to almost 60 per cent. After seven weeks the team's 102 bots had made a combined 3000 friends.
Facebook's privacy settings allow users to shield personal information from public view. But because the socialbots posed as friends, they were able to extract some 46,500 email addresses and 14,500 physical addresses from users' profiles – information that could be used to launch phishing attacks or aid in identity theft. "An attacker could do many things with this data," says Boshmaf, who will present the team's work at the Annual Computer Security Applications Conference in Orlando, Florida, next month.
0 comments:
Post a Comment