Most internet users wouldn't consider their Facebook account to be a real security risk. For the most part, this is true, as Facebook.com is generally safe in terms of the information it gathers. However, there's a loophole in Facebook's security that hackers are able to use to potentially access and even alter private information on your profile.
In 2007, Facebook introduced its wildly popular application development program. This program allows third party developers, both companies and individuals, to create applications. There are currently just over fourteen thousand Facebook applications including everything from cookbooks to virtual zoos. While this means there's a diversity of great content available to users, it also means that personal information (which each application has access to) is in a wide variety of hands, and this creates security concerns.
How Applications Access Your Private Information
Every time you choose to add an application, Facebook asks you to confirm that you want to let this program both know who you are and access your information. It's impossible for anyone to add any application without agreeing to this set of terms. Once you click okay, that application can technically access quit a bit of public and private profile information.
While all of the most private information are kept on Facebook servers and require security authentication, a lot of info is available to applications you add.
According to Facebook's Developers Terms of Use, this can include
". . . your name, your profile picture, your birthday, your hometown location, your current location, your political views, your activities, your interests, your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history, copies of photos in your Facebook Site photo albums, and a list of user IDs mapped to your Facebook friends."
Not only that, but you don't even have to add an application for it to be able to access your information; they can also learn your info whenever any of your friends add the program. With all this information available, it's easy to see why many are concerned for their privacy.
The Threat
For the most part, the danger doesn't come from the application developers themselves, but from hackers who may be able to infiltrate and misuse information collected by applications, especially those written by individual developers instead of companies. 2600, a hacker periodical, published an article detailing how to easily compromise three Facebook apps: Moods, Superwall and Free Gifts. These loopholes discussed only allow for minor security breaches, nothing really malicious. For instance, hackers can change the sender and recipient of Superwall posts and free gifts. There's even a Youtube video of someone changing another user's mood. Clearly, this is not a top level security threat, yet. If a loophole exists, though, malicious minds can find a way to exploit it, and it's possible that a serious security risk is en route.
It's important to note that the problem isn't with Facebook, or even with Applications in general, but with certain applications which don't use safe data practices. The three applications mentioned earlier are exploitable because they use easily modifiable form sheets to collect data. Other applications, and all the content published by Facebook itself are safe from hackers. The real difficulty comes in trying to decipher which applications are safe, and how to make sure that you're not at risk.
What to Do
It's hard to find good solutions to the threat posed by Facebook third party applications. The first thing to do is to make sure that you don't sign up for applications of questionable background. Each program developer has a profile on Facebook that you can view to gain information about who they are and how to contact them. This is the best way to find out what, if any, security protocols they use. Pick applications that are made by reputable developers, and don't add every application that you're invited to. Also, be judicious about who you add as a friend. Remember that applications can access your information if any one of your friends signs up. The more friends you have, the more applications that have access to your data, and the greater the potential of it falling into the wrong hands.
Many people feel that the best way to ensure privacy is from the top up. After all, the most certain way to close hacker back doors is for Facebook to take charge, or hold applications to more stringent security requirements. At present, Facebook's terms of service clearly state that they are not responsible for the actions of third party developers. Many users are voicing their concern over this policy, and its ramifications for information security, both to Facebook and the applications that they use.
If you think that you have been the victim of "apps hacking," then you should contact both Facebook and the application developer immediately, to alert them to this potential security flaw. It's also probably a good idea to avoid that application, and others by the same publisher, as they may pose a continued security risk to your online privacy.
While hackers might be able to access some personal information through Facebook third party applications, being vigilant is the key to staying safe on the internet.
0 comments:
Post a Comment