Pierluigi Paganini
May 09, 2015
Facebook users can protect their privacy by setting the “privacy level” for every information related their profile or content they post online.
Users can decide to completely set as private the information in a way it results invisible to other users, even to the user’s friends.
There is an option in Facebook that allows the user to set the visibility of his friend’s list to “Only Me“, the settings allow users to keep the friend’s list hidden from other Facebook users, including users’ own friends.
Unfortunately, there is a flaw in Facebook that doesn’t allow to completely hide information of the user’s profile, including the friend’s list. Even if the user decides to make the friends list invisible anyone can see it. The issue resides in the Facebook’s mutual-friends feature concept, which has been in controversies in the past, raising privacy concerns.
The issue resides in the Facebook’s mutual-friends feature concept, which has been in controversies in the past, raising privacy concerns.The issue resides in the Facebook’s mutual-friends feature concept, which has been in controversies in the past, raising privacy concerns.
The problem for the user’s privacy and security is that it is already available a Free Chrome extension called “Facebook Friends Mapper” that can exploit the flaw to allow to view the hidden friends list in “just one click.”
The Facebook Friends Mapper extension exploits the Mutual Friends feature implemented by Facebook to crawl the social graph and expose hidden Facebook Friends list.
It could be very interesting to explore the friend list of celebrities that obviously hide their friend’s list, it is sufficient a mutual friend to view them.
“Facebook user, whose friends list you want to target, must have at least one mutual friend with you, and doesn’t matter if you are friends with him/her or not.”
The extension is able to discover these mutual relationships and exploit them in an iterative way. With this technique is possible to view the Facebook CEO Mark Zuckerberg even if he doesn’t share his friend’s list, neither an attacker is on his friend’s list.
You can imagine the repercussion on privacy, it’s not a mystery that social networks like Facebook are a privileged tool for cyber espionage, in the past, I have discussed “Social Media use in the Military Sector” explaining how to use it for PSYOPs operations. Many governments use Facebook and other social networks to gather information on persons of interest, the British Government, for example, has announced the creation of the 77th battalion, a cyber unit composed of soldiers familiar with social media.
The use of tools like the Facebook Friends Mapper could improve the efficiency cyber espionage campaign over social media.
The use of the Facebook Friends Mapper Chrome extension is very simple, once installed the extension from Chrome web store, open Facebook Profile of the user that you want to target then it will appear the ‘Reveal Friends‘ option on Friends tab. At this point, you have just to click on “Reveal Friends and Bang!
Facebook Friends Mapper Chrome extension was presented a few days ago, I discovered it thanks to the friends at THEHACKINGNEWS portal.
You can Install Facebook Friends Mapper Chrome extension from Google Chrome Extension Store, but believe that Facebook will soon fix this privacy issue.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Facebook Friends Mapper, Facebook Friends List)
[adrotate banner=”5″]
[adrotate banner=”13″]
