CanaryTrap, a technique by academics from the University of Iowa. Revolves around the concept of a honeytoken.
Honeytokens represent fake data, tokens, or files that IT peeps scatter across their network. When the data is tempered with the IT admins at the time can detect any malicious activity.
How it relates to CanaryTrap the honeytokens were unique email addresses that academics used to register Facebook accounts. (See where this is going?)
After registering an account, the researchers installed one of many Facebook apps, messed with it for 15 minutes after that they uninstalled the accounts.
Researchers monitored the honeytoken email inbox. If the inbox received any new emails, then there was third party data being shared.
The academic team reportedly tested about 1,024 Facebook apps using the CanaryToken technique. They have identified 16 apps that did share email addresses with third-parties.
With these 16 apps, only nine apps actually state they had a relationship with the email sender. The other seven apps did not state they shared user data with other parties.
CanaryTrap, research, and associated tools is all available on GitHub. "to help independent watchdogs detect misuse of data shared with third-party apps without needing cooperation from online social networks."
Facebook has sued several developers even changing its Terms of Service and making sure they have more power to enforce their rules.
Facebook is cooking up new terms to limit the information developers can share with third parties without receiving consent from users. To also make sure developers understand they must safeguard user data if they wish to use Facebook's platform and user-base for their own goals.
Personally I dislike Facebook due to how they made that big leak with their third-party which leaked millions upon millions of user's data for every thieving black hat to grab and sell on forums. At least knowing they are actively trying to prevent user data from being misuse helps my opinion on them.
Want to fight cyber criminals every day? Find out more about our cyber security degrees offered at https://www.uat.edu/cyber-security-degrees.
/UAT-Logo-new.jpg?width=151&name=UAT-Logo-new.jpg "UAT-Logo-new"){kind=logo}
Comment