Facebook Deploys Anti-Likejacking Solution

By on March 30th, 2011 13:56 GMT

Facebook has implemented a mechanism to block so-called likejacking attacks by requesting confirmation for suspicious Like actions.

Likejacking is a term referring for attacks that employ clickjacking techniques to trick Facebook users into liking rogue pages.

Clickjacking, or user interface redressing as it's known in more technical circles, is a type of attack that exploits legit web technologies to hijack mouse clicks.

This is achieved by making a page element, in this case the Like button, invisible and positioning it over another element that looks innocuous, such as the play button of a web video player.

As a result, users who try to press play will instead end up liking the page without their knowledge if logged into Facebook.

Likejacking attacks were easy to launch because when shown on third-party websites, the Facebook Like button did not require confirmation, something that security researchers have criticized for some time.

According to Chester Wisniewski, senior security advisor at Sophos, that is no longer the case because Facebook introduced a new system that detects suspicious "Like" patterns and enforces confirmation.

"While precise details of how this system detects malicious 'Likes' are not available, I have seen it in action and it follows many of the suggestions we have made," the security expert writes.

In addition, the implementation was done in such a way that it would be very hard for attackers to hide and bypass the confirmation in a similar manner. Clicking a suspicious Like button will now transform it into a Confirm one, which when clicked, opens a more detailed confirmation request in a pop-up window.

While this is great news and a good step towards protecting users, Facebook still needs to refine the detection. "The technical approach to solving this problem is valid, but Facebook's detection algorithm only seems to work in rare instances. Since the deployment of this technology, I have only seen it trigger in a few likejacking attacks," Mr. Wisniewski notes.

Comments