1. Headline
  1. Headline
Duane Hoffman
By
updated 3/21/2012 11:46:16 AM ET 2012-03-21T15:46:16

Forgotten Facebook friends who don't appear in your friends list could still be snooping on you from time to time, new research shows.

In their research paper, "Your Facebook Deactivated Friend or a Cloaked Spy?," University College London computer-science student Shah Mahmood and UCL's chair of information communication technology, Yvo Desmedt, highlighted what they called a "zero-day privacy loophole." It enables a person to deactivate his own account and then later, upon reactivating the account and shedding his privacy "cloak," to quickly view his friends' profiles before disappearing into the darkness again.

The loophole takes advantage of the lengthy and complicated process of getting rid of a Facebook account. The social network persuades many would-be exiles to take only the half-step of deactivating their accounts, in effect putting the accounts into hibernation instead of deleting them altogether.

Deactivating doesn't mean you're off Facebook
"As deactivation is temporary in Facebook, the attacker can reactivate her account as she pleases and repeat the process of activating and deactivating" over and over, the research team explained. "This deactivated friend — i.e., the attacker — may later reactivate the account and crawl her victims' profiles for any updated information. Once the crawling has finished, the attacker will deactivate again."

[Why You Should Quit Facebook Now]

The concept behind the exploit is akin to the cloaking method used in "Star Trek," the researchers said, "where Badass Blink or Jem'Hadar has to uncloak (be visible), even if only for a moment, to open fire."

When account holders deactivate their accounts, they "become invisible." They no longer appear on others' lists of friends, nor can others "unfriend" them. And, as the paper notes, "Facebook provides no notification about the activation or deactivation of friends to its users."

By reactivating their accounts, malicious Facebook users can snoop on their friends' profiles when it's convenient, and then immediately deactivate, leaving no trace.

Who can see you?
The loophole exploited by the "deactivation attack" becomes particularly worrisome if you consider who may be taking advantage of it.

Mahmood and Desmedt argued that this type of covert Facebook snooping would be "attractive" to marketers, background-checking agencies, governments, hackers, spammers, stalkers or criminals.

Because the perpetrator may only reactivate his account for a very brief period of time, the attack is also difficult to detect.

The researchers said the deactivation attack could be mitigated if Facebook notified users of their friends' deactivations and reactivations, or if it flagged accounts that frequently de- and reactivated.

Facebook did not respond to a request for comment.

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments

More on TODAY.com

  1. Pool / Getty Images

    Prince William, Duchess Kate try their hand at the DJ decks

    4/23/2014 4:30:48 PM +00:00 2014-04-23T16:30:48
  1. 9 foods to 'spring clean' your diet 

    Want to wring out your system as part of the annual spring cleaning? Skip the weird (and often dangerous) detox diets or cleanses.

    4/23/2014 11:10:55 AM +00:00 2014-04-23T11:10:55
  1. Courtesy of Savannah Guthrie

    Savannah’s honeymoon dispatch: Letting it hang out on the best vacation ever

    4/23/2014 10:56:55 AM +00:00 2014-04-23T10:56:55
  1. Lupita Nyong’o is People magazine’s Most Beautiful person

    The Oscar winner with the perfect smile and the style to match beams from a cover that promises "her inspiring story.

    4/23/2014 11:54:41 AM +00:00 2014-04-23T11:54:41
  2. video Actress tells Savannah: Oscar win has opened doors

    video After a tremendous year for the actress, including winning an Oscar for her breakout role in “12 years a Slave,” and now being selected as People magazine’s Most Beautiful person, Lupita Nyong’o reflects on her rising fame in an exclusive interview with TODAY’s Savannah Guthrie.

    4/23/2014 12:35:32 PM +00:00 2014-04-23T12:35:32
  3. slideshow Her flawless looks: See Lupita’s colorful wardrobe

    slideshow Bright yellow, sky blue, rich red, shimmering gold — there's not a color that the fashionably adventurous Oscar-winning actress hasn't conquered.

    4/23/2014 1:40:41 PM +00:00 2014-04-23T13:40:41
  4. Reuters; AP