Who On Earth Is ”Mr. Cypher“: Automated Friend Injection Attacks on Social Networking Sites

Abstract. Within this paper we present our novel friend injection attack which exploits the fact that the great majority of social networking sites fail to protect

the communication between its users and their services. In a practical evaluation, on the basis of public wireless access points, we furthermore demonstrate

the feasibility of our attack. The friend injection attack enables a stealth infiltration of social networks and thus outlines the devastating consequences of active

eavesdropping attacks against social networking sites.

Markus Huber and Martin Mulazzani and Edgar R. Weippl, "Who On Earth Is Mr. Cypher? Automated Friend Injection Attacks on Social Networking Sites," in Proceedings of the IFIP International Information Security Conference 2010: Security \& Privacy — Silver Linings in the Cloud, 2010.

@inproceedings{Huber_FriendInjectionAttacks_2010,

  Author = {Markus Huber and Martin Mulazzani and {Edgar R. } Weippl},

  title = {Who On Earth Is Mr. Cypher? Automated Friend Injection Attacks on Social Networking Sites},

  booktitle = {Proceedings of the IFIP International Information Security Conference 2010: Security \& Privacy --- Silver Linings in the Cloud},

  year = {2010}

}