Facebook 'should mimic Apple app security restrictions'
Published: 19th Jan 2011 10:23:01
Facebook should adopt tighter security measures to protect its users, according to a leading internet firm.
Experts at security company Sophos say a rise in unmonitored Facebook applications endangers the site's 650 million users.
Instead, they suggest that it should mimic Apple's App Store, which vets all programs available for download.
But Facebook said its data shows the opposite of what Sophos claims and that it already has "extensive" protection for users.
"We have a dedicated team that does robust review of all third party applications, using a risk based approach," the firm said.
"That means that we first look at velocity, number of users, types of data shared, and prioritise. This ensures that the team is focused on addressing the biggest risks, rather than just doing a cursory review at the time that an app is first launched."
Sophos said that reviewing apps before launch had "proven effective in protecting users".
In its 2011 Threat Report, which outlines the major online dangers to be expected over the next 12 months, the company points out that Facebook is now one of the biggest targets for criminals and fraudsters.
This is partially because of the site's size and popularity - but also because Facebook allows anyone to build applications, games, surveys and other programs. The most popular ones have been downloaded tens of millions of times.
While this open system might be good news for Facebook's business, says the report, it leaves inexperienced users vulnerable to attacks from malicious hackers who are increasingly building fake applications that trick people into handing over their private information.
"Facebook, by far the largest social networking system and the most targeted by cybercriminals, has a major problem in the form of its app system," it says.
To combat this, the report suggests Facebook could learn a lesson from mobile phone makers such as Apple, which operates strict controls over what applications are available for users of its iPhone and iPad platforms to download.
"A 'walled garden' approach may be more suitable," the report says. "This is the way the Apple App Store operates, with applications requiring official approval before they can be uploaded to the site and shared with other users."
Although such an approach would potentially screen users from fraudulent applications, it would not be without its problems. Apple's own process has come in for criticism in the past for its seemingly arbitrary rules that resulted in the banning of some applications - such as dictionaries - while other similar ones were allowed through.
Alternatively, Sophos says, the world's biggest social network could offer more detailed controls over security, allowing users to decide more easily which applications can run on their profile.
But Facebook says that it already does this.
"We have built extensive controls into the product, so that now when you add an application it only gets access to very limited data and the user must approve each additional type of data," the company said in a statement.
"We make sure that we act swiftly to remove [or] sanction potentially bad applications before they gain access to data, and involve law enforcement and file civil actions if there is a problem."
It also says that its own data suggests Sophos has exaggerated the problem.
"As a result of our efforts, the data we have on interactions of more than 500 million people using Facebook shows that spam, malware and other attacks have decreased in their effectiveness—the opposite conclusion reached by a security vendor."
The advice comes just a day after Facebook made a U-turn on a new feature which exposed the telephone numbers and home addresses of users to anyone building applications.
The change, which the company said was intended to "streamline" information sharing, was suspended after complaints that it was ripe for abuse.
As well as highlighting problems with Facebook, the Sophos report also analysed a number of other security trends it said would increase over the coming months. These include:
Search engine poisoning: A method by which criminals attempt to trick Google and other search engines into prominently featuring malicious websites. Often using major news events as cover, the fraudsters fool users into visiting sites that subject their computers to attack.
Clickjacking: A scheme that hides malicious code inside a link pretending to be something else, often purporting to be a link to a picture or joke. Such attacks can spread rapidly through networks like Facebook and Twitter.
Spearphishing: Highly targeted spam aimed at eliciting specific details from an individual.
"Cybercriminals prey on our curiosity and perhaps our vulnerability and gullibility, and use psychological traps to profit from unsuspecting technology users," concludes the report.
Harvard Citation: BBC News, 2011. Facebook 'should mimic Apple app security restrictions' [Online] (Updated 19th Jan 2011)
Available at: http://www.ukwirednews.com/news/123588/Facebook-should-mimic-Apple-app-security-restrictions [Accessed 24th Apr 2014]