#43 Hello, Facebook! This is the stalkers' paradise!


More

  • None

Rejected

[PDF] Submission (5.1MB) May 31, 2017, 8:49:30 PM PDT · d2c4f58c15cb0bf9cc9d145d4e093402ae42a43931cfdbe86deb502618e369cbd2c4f58c

We introduce a new privacy issue on Facebook. We were motivated by the Facebook's search option, which exposes a user profile with his or her phone number. Based on this search option, we developed a framework to automatically collect Facebook users' personal data (e.g., phone number, location) by enumerating the (possibly) entire phone number range for the target area. To show the feasibility, we launched an attack for targeting the users who live in California, United States. Despite Facebook's best efforts to stop such attempts from crawling users' data with several security practices, 87,000 phone numbers were successfully tested and 20,371 actual users' personal data were obtained within a week by mimicking real users' search activities with three rogue accounts.

J. Kim, K. Kim, J. Cho, H. Kim
  • Jinwoo Kim (Department of Computer Science and Engineering, Sungkyunkwan University, South Korea) <jinwookim@skku.edu>
  • Kuyju Kim (Department of Computer Science and Engineering, Sungkyunkwan University, South Korea) <kuyjukim@skku.edu>
  • Junsung Cho (Department of Computer Science and Engineering, Sungkyunkwan University, South Korea) <js.cho@skku.edu>
  • Hyoungshick Kim (Department of Computer Science and Engineering, Sungkyunkwan University, South Korea) <hyoung@skku.edu>
Best Student Paper Award

  • Application security (web frameworks, distributed databases, multi-factor authentication)

To edit this submission, sign in using your email and password.