How do you make a secure social network?
You’ll need to create an API that allows you to get notifications of changes, and you’ll need a way to control access to your account.
To do this, you’ll probably need a third-party service, such as the OpenID social network, to manage your account, according to a new report by security company Cybersecurity Intelligence Partners.
The report, which will be published in a forthcoming edition of the security journal OWASP, found that only around a third of the social network users surveyed have access to the basic functionality of the API, while half of those who do have access can’t use it at all.
And only 15 per cent of the survey respondents have managed to get an account created on a secure platform, and that’s for a small subset of the top 200,000 users.
The problem is, those users are only a small minority of the global social network user base.
Cybersecurity experts say that the report’s findings show the need for a whole new approach to social network security.
“Our analysis shows that social networks are ripe for exploitation by criminals, and the majority of them are not secure,” said Adam Smith, cybersecurity analyst at security firm Gartner.
“We know that social media has a role to play in enabling cybercrime, but we need to be able to securely connect people with one another in a way that does not compromise their privacy.”
The researchers used a database of over 40 million social network accounts in the UK, Australia and the US, as well as the official API of the British Government, to identify the most popular social networks, as measured by the number of active accounts and the number that can be accessed.
They then examined which of these accounts had been compromised by a cybercriminal, using a range of tools and techniques to find out what kinds of data were exposed and what kinds of passwords were compromised.
The findings were summarised in a paper, entitled How to Secure Social Networks: Exploiting Social Data Exploits in the Social Media Space.
The researchers found that more than 80 per cent (76 million) of the accounts on the top 20 most popular sites are publicly accessible.
They also found that the average number of times an account was breached per day is just over 30.
A large number of these were in the social networking space, with the vast majority of breaches occurring in the areas of social media, mobile apps, and websites.
They found that there were two types of social networks that could be exploited.
First, there are those that use the API to gather user information, so that they can identify users by their social media profiles and track their activity.
Second, there were those that provide a range (or list) of information, which can be used by criminals to track a user’s movements and behaviour.
“The most vulnerable social networks in this analysis were those which are not publicly accessible, and therefore the users that are not able to connect to the public API,” the report concluded.
“This analysis shows the need to build a secure, private social network for people that does contain some information.
For this, it is essential that users are able to have a range or list of data that is accessible and accessible to the wider community.”
But while the majority (55 per cent) of people surveyed said they have used a secure API to connect with friends and family, they were not as aware as they could be about how they can use it to gain access to information, and how to secure their account.
For example, while around 20 per cent had successfully used an API to access the government API, only 17 per cent had done so to gain the ability to access data about themselves.
And of those, just 10 per cent were able to access personal data about their accounts, and one per cent said they’d been able to gain permission to use a third party’s API to gain full access.
“While it’s not uncommon for people to have limited access to some of the basic data about them, it can be a major issue when it comes to data security,” Smith added.
The Cybersecurity team will present their findings to the British Parliament later this month, and they’ll be joined by other researchers from other parts of the world, who will be sharing their findings with parliamentarians.
Cybercrime expert Anthony Walker said that the issue with the public APIs is that it’s impossible to be certain that your data is safe.
“You can’t guarantee that everything is safe in the system.
There’s a huge amount of data out there.
If someone has hacked into your bank account, you might find out, for example, that your account number has been compromised,” he said.
“In the future, the public platform will need to provide more security and be able in theory to provide a greater degree of control over the data it collects.
This will be a challenge, but it’s something that we’re working on.”