Chameleon Attack Can Manipulate Your ‘Likes’ On Social Media

  • 1

Researches from Ben-Gurion University of the Negev (BGU), Israel, have discovered a new cyber attack threatening social media platforms. The attack dubbed ‘Chameleon’ may allow changing the content you liked or posts you commented on without notice. Successful exploitation would leave people wondering when did they like a particular post, image, or video.

As stated by the researchers in their paper,

The major OSNs (Facebook, Twitter, and LinkedIn) allow publishing redirect links, and they support link preview updates. This allows changing the way a post is displayed without any indication that the target content of the URLs has been changed.

The attack works not because of a security vulnerability, rather because of a design flaw. Mentioning the possible impacts of a Chameleon attack, the researches stated:

Using this technique, adversaries can, for example, avoid censorship by concealing true content when it is about to be inspected; acquire social capital to promote new content while piggybacking a trending one; cause embarrassment and serious reputation damage by tricking a victim to like, retweet, or comment a message that he wouldn’t normally do without any indication for the trickery within the OSN.

The researchers have presented a detailed exploit with all technicalities in a research paper. The following video demonstrates the attack scenario. You can also test it yourself via the Facebook experiment set up by the researchers.

Keep An Eye On The Content You Like

For now, there isn’t any fool-proof strategy to mitigate this attack. So, users on LinkedIn, Facebook, Twitter, should remain cautious.

While WhatsApp and Instagram largely remain safe from Chameleon attacks, Reddit and Flickr are somewhat susceptible.

Though, for now, despite sharing details on GitHub, the researchers haven’t shared the source code to prevent misuse.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!