Overview of OSNs and Their Impacts on Users
In recent years, more and more individuals have come to use virtual meeting places and platforms, known as online social networks (OSNs), in their daily lives. These networks help users keep in contact worldwide and make new friends. Sharing personal information is one of the significant applications of OSNs; however, users also share other information such as images, various activities, videos, and concerns on OSN platforms. OSNs like Google+, Facebook, TikTok, Twitter, and LinkedIn are a favoured way of communication for billions of daily active users. Users spend the most time communicating with other profiles, updating their accounts, and browsing others’ profiles, which is the main implication of OSNs. Personal information shared on these networks is up to date because of frequent user activity and, thereby, lures attackers. Therefore, this chapter focuses on providing a thorough account of the most obvious and treacherous vulnerabilities that are affecting social network platforms and user credentials worldwide. Furthermore, the authors have summarised the related statistics reports from various trusted sources. The chapter highlights the security threats corresponding to different social network services. Finally, a comprehensive assessment of the vulnerabilities is provided with respect to the identified risk path rating method.
Online Social Network Vulnerabilities
In the current scenario, OSNs are one of the most perilous security threats to society and mankind. According to a recent study by various security development firms such as McAfee and Norton, more than 1.5 billion people on a reputable social network platform such as Facebook alone will be a major threat over the year. The huge load of information disclosed by different users helps hackers conduct malicious activities over the Internet. All this information indirectly exposes more useful data about the users, even data that the user did not share. Thus, it can violate the user’s privacy (Sahoo & Gupta, 2020). If involved in a serious crime, this information could help adversaries. Therefore, OSNs such as Twitter do not permit users to furnish significant private information, but adversaries can spoof the user’s posts and thereby find what they need. For example, different companies can use a user’s private information to show online advertisements on the user’s profile on the basis of his/her thoughts (Tucker, 2010), to gain useful insight. A recent statistic by McAfee has shown that more than 70% of organisations faced security breaches from various social network platforms. To mitigate various risks, all vulnerabilities related to social media, including fake profiles (Agrawal, Wang, Sahoo, & Gupta, 2019), identity theft, phishing attack (Sahoo & Gupta, 2019), and twin attack, should be considered.
Fundamentals of Online Social Networks
OSN services are “web-based services that allow individuals to construct a public or semi-public profile within a bounded system” (Woungang et al., 2018), articulate a list of other users with whom they share a connection, and view and traverse their list of connections and those made by others within the system. In particular, the various usages of OSNs include sharing information through direct communication; instant messaging; and profile annotation using comments, recommendations, and text with links that redirect to other profiles, e.g. picture tagging and photo tagging. All these contexts are used for publishing and browsing multimedia content over social platforms. In addition, OSNs support some third-party applications for interaction among users and enhance other facilities of OSNs, from poking to likeness with other members. Various services are offered by social network service providers like Google+, Facebook, Twitter, LinkedIn, Sina Weibo, and VKontakte. These have become the favoured way of information sharing for billions of users. In general, a variety of content is stored and shared by users over social platforms. All this content is stored in the service provider’s database under its control, especially to protect the content from various types of attacks. All this information is publicly visible or, if the users are concerned about security, they use the principle of security settings to protect their content (Dorgham, Al-Rahamneh, Almomani, & Khatatneh, 2018; Ouaguid, Abghour, & Ouzzif, 2018; Zhu & Han, 2018).