Friend-in-the-Middle Attacks: Exploiting Social Networking Sites for Spam

Friend-in-the-middle attacks on social networking sites can be used to harvest social data in an automated fashion. Attackers can then exploit this data for large-scale attacks using context-aware spam and social phishing. The authors prove the feasibility of such an attack and simulate the impact on Facebook. Alarmingly, all major social networking sites are vulnerable to this attack because they fail to appropriately secure the network layer.