Facebook 'should mimic Apple app security restrictions'
Published: 19th Jan 2011 10:23:01
Facebook should adopt tighter security measures to protect its users, according to a leading internet firm.
Experts at security company Sophos say a rise in unmonitored Facebook applications endangers the site's 650 million users.
Instead, they suggest that it should mimic Apple's App Store, which vets all programs available for download.
But Facebook said its data shows the opposite of Sophos and that it already has "extensive" protection for users.
"We have a dedicated team that does robust review of all third party applications, using a risk based approach," the firm said.
"That means that we first look at velocity, number of users, types of data shared, and prioritise. This ensures that the team is focused on addressing the biggest risks, rather than just doing a cursory review at the time that an app is first launched."
Sophos said that reviewing apps before launch had "proven effective in protecting users".
In its 2011 Threat Report, which outlines the major online dangers to be expected over the next 12 months, the company points out that Facebook is now one of the biggest targets for criminals and fraudsters.
This is partially because of the site's size and popularity - but also because Facebook allows anyone to build applications, games, surveys and other programs. The most popular ones have been downloaded tens of millions of times.
While this open system might be good news for Facebook's business, says the report, it leaves inexperienced users vulnerable to attacks from malicious hackers who are increasingly building fake applications that trick people into handing over their private information.
"Facebook, by far the largest social networking system and the most targeted by cybercrimnals, has a major problem in the form of its app system," it says.
To combat this, the report suggests Facebook could learn a lesson from mobile phone makers such as Apple, which operates strict controls over what applications are available for users of its iPhone and iPad platforms to download.
"A 'walled garden' approach may be more suitable," the report says. "This is the way the Apple App Store operates, with applications requiring official approval before they can be uploaded to the site and shared with other users."
A 'walled garden' approach may be more suitable.”
Although such an approach would potentially screen users from fraudulent applications, it would not be without its problems, however. Apple's own process has come in for criticism in the past for its seemingly arbitrary rules that resulted in the banning of some applications - such as dictionaries - while other similar ones were allowed through.
Alternatively, Sophos says, the world's biggest social network could offer more detailed controls over security, allowing them to decide more easily which applications can run on their profile.
But Facebook says that it already does this.
"We have built extensive controls into the product, so that now when you add an application it only gets access to very limited data and the user must approve each additional type of data," the company said in a statement.
"We make sure that we act swiftly to remove [or] sanction potentially bad applications before they gain access to data, and involve law enforcement and file civil actions if there is a problem."
It also says that its own data suggests Sophos has exaggerated the problem.
"As a result of our efforts, the data we have on interactions of more than 500 million people using Facebook shows that spam, malware and other attacks have decreased in their effectiveness—the opposite conclusion reached by a security vendor."
The advice comes just a day after Facebook made a U-turn on a new feature which exposed the the telephone numbers and home addresses of users to anyone building applications.
The change, which the company said was intended to "streamline" information sharing was suspended after complaints that it was ripe for abuse.
As well as highlighting problems with Facebook, the Sophos report also analysed a number of other security trends it said would increase over the coming months. These include:
Search engine poisoning: a method by which criminals attempt to trick Google and other search engines into prominently featuring malicious websites. Often using major news events as cover, the fraudsters fool users into visiting sites that subject their computers to attack
Clickjacking: A scheme that hides malicious code inside a link pretending to be something else, often purporting to be a link to a picture or joke. Such attacks can spread rapidly through networks like Facebook and Twitter.
Spearphishing: Highly targeted spam aimed at eliciting specific details from an individual.
"Cybercriminals prey on our curiosity and perhaps our vulnerability and gullibility, and use psychological traps to profit from unsuspecting technology users," concludes the report.
At 00:01:17 in BusinessThe UK has edged up the global rankings in a major annual economic survey by the World Economic Forum (WEF).
At 23:56:35 in HeadlinesTwo US men who spent three decades in prison for rape and murder, one of them on death row, have been released after DNA evidence proved their innocence.
At 23:19:39 in SportBritain's Andy Murray is relishing the prospect of facing world number one Novak Djokovic in a US Open night session.
At 22:55:30 in SportManager Gordon Strachan admits Scotland are in a battle for second spot as they prepare to kick off their campaign to reach the 2016 European Championships.
At 22:40:28 in HeadlinesA British hostage is among those being held by Islamic State militants, Number 10 has confirmed.
At 22:22:11 in SportOlympic track cycling champion Laura Trott has left the Wiggle-Honda road racing team and signed for British outfit Matrix Fitness Vulpine.
At 22:21:45 in SportChampions Cliftonville surrendered top spot in the Irish Premiership as a result of being by Linfield.
At 21:57:38 in SportGael Monfils dug deep to beat seventh seed Grigor Dimitrov and reach the US Open quarter-finals.
At 21:49:53 in SportBallymena bounced back from Friday's defeat at Glenavon by narrowly beating Institute at the Showgrounds.
At 21:45:54 in SportRoss County chairman Roy MacGregor says Patrick Kluivert remains in contention to become the Staggies' new manager.
Harvard CitationBBC News, 2011. Facebook 'should mimic Apple app security restrictions' [Online] (Updated 19th Jan 2011)
Available at: http://www.ukwirednews.com/news/123588/Facebook-should-mimic-Apple-app-security-restrictions [Accessed 3rd Sep 2014]
News In Other Categories
Apple has confirmed that some celebrities' iCloud accounts were broken into, but says it has found no evidence that this was caused by a breach of its security systems.
The UK has edged up the global rankings in a major annual economic survey by the World Economic Forum (WEF).
For the past three or four months or so, the referendum race has looked as though it was stalled.
Britain's Andy Murray is relishing the prospect of facing world number one Novak Djokovic in a US Open night session.
A film telling the story of how the 1984-85 Miners Strike united two utterly disparate sections of society is receiving its West End premiere.
There will be no prosecutions over complaints about the performance of a folk band at the Ardoyne Fleadh last month.