According to researchers in Israel, users of social media platforms such as Facebook, LinkedIn, and Twitter can now fall prey to a new kind of cyber attack – the stealth editing of posts.
Based on the paper presented by a group of researchers, Elyashar et al, it was revealed that it’s possible for posts on a social media platform to be retroactively edited. The attack exploits a weakness in posting mechanisms across social media platforms.
“Imagine watching and ‘liking’ a cute kitty video in your Facebook feed, and a day later a friend calls to find out why you ‘liked’ a video of an ISIS execution. You log back on and find that indeed there’s a ‘like’ there. The repercussions from indicating support by liking something you would never do (Biden vs. Trump, Yankees vs. Red Sox, ISIS vs. US) from employers, friends, family, or government enforcement unaware of this social media scam can wreak havoc in just minutes,” said the researcher Rami Puzis of Ben-Gurion University of the Negev in Beersheba.
Content on Facebook or LinkedIn can be edited by the user even after it has been posted; these platforms simply make a note of the edits. Twitter, on the other hand, doesn’t usually allow any such changes to posts.
But then, this new attack coined as “Chameleon” involves the modification of user posts without their knowledge – even on Twitter. The study states that the Chameleon attack “involves maliciously changing the way content is displayed publicly without any indication whatsoever that it was changed until you log back on and see it.”
The altered posts might also feature violent, criminal, or offensive content, essentially jeopardizing user-profiles. Major social media platforms support link preview updates, because of which a post preview can be manipulated without giving away the actual content of a target URL.
“This behavior has been reported to us previously. While it may not be ideal, at this time, we do not believe this poses more of a risk than the ability to tweet a URL of any kind since the content of any web page may also change without warning,” said a Twitter spokesperson, acknowledging the Chameleon attack.