Facebook’s new Graph Search feature has sparked security concerns, with experts arguing it is the perfect tool for hackers launching phishing attacks.
The value of the socially aware search function, which responds to requests like “Which of my friends in London like karaoke?”, has already been lampooned in some quarters, and now criticism is dragging user security into the limelight.
Specifically, with Facebook actively pushing the interests and personal details of its users to the fore, Graph Search critics say the feature could be exploited by phishers, who can use the plentiful data to tailor targeted attacks.
“Think of it like Google hacking on steroids,” says PC World’s Tony Bradley. “Attackers learned long ago that Google is a virtually endless treasure trove of valuable information… Facebook Graph Search raises the bar - and not in a good way - by delivering that same capability with a more personal context.”
The most effective phishing attacks are heavily customised scams that use convincing-looking emails or other messages to lure specific people into surrendering sensitive data such as bank details.
Traditionally, hackers have had to meticulously compile information and credentials on their targets, using up both time and resources. The Red October attackers, who fell into the spotlight this week, are one example. But the accessibility and openness of personal data via Facebook Graph Search may make hackers’ jobs much easier.
Andrew Storms, director of security operations for nCircle, added that, “The new Facebook Graph Search is a phishers’ dream come true. It takes the micro-targeting capabilities that have been available to online advertisers for years and puts them into the hands of cyber criminals.”
Spelling out a strong word of warning, he added, “If you thought the level of spam and phishing scams on Facebook couldn’t possibly get worse, I have bad news for you. We ain’t seen nuthin’ yet.”