Hackers have a new tool in their arsenal, dubbed Facebook Friends Mapper, that allows them to crawl a Facebook user's hidden friends list in just one click.

Facebook users can protect their privacy by setting the “privacy level” for every piece of information related to their profile or the content they post online.

Users can decide to set information as completely private, so that it is invisible to other users, even to the user’s friends.

There is an option in Facebook that allows the user to set the visibility of their friends list to “Only Me”. This setting keeps the friends list hidden from other Facebook users, including the user’s own friends.

Unfortunately, there is a flaw in Facebook that prevents users from completely hiding information in their profile, including the friends list. Even if the user decides to make the friends list invisible, anyone can see it. The issue resides in the concept behind Facebook’s mutual-friends feature, which has been the subject of controversy in the past, raising privacy concerns.

The problem for the user’s privacy and security is that a free Chrome extension called “Facebook Friends Mapper” is already available, and it can exploit the flaw to view the hidden friends list in “just one click”.

The Facebook Friends Mapper extension exploits the Mutual Friends feature implemented by Facebook to crawl the social graph and expose hidden Facebook friends lists.

It could be very interesting to explore the friends lists of celebrities, who obviously hide them; a single mutual friend is sufficient to view them.

The Facebook user whose friends list you want to target must have at least one mutual friend with you, and it doesn’t matter whether you are friends with him/her or not.

The extension is able to discover these mutual relationships and exploit them in an iterative way. With this technique it is possible to view the friends list of Facebook CEO Mark Zuckerberg even if he doesn’t share it and the attacker is not on it.

You can imagine the repercussions for privacy. It’s no mystery that social networks like Facebook are a privileged tool for cyber espionage; in the past, I discussed “Social Media use in the Military Sector”, explaining how to use it for PSYOPs operations. Many governments use Facebook and other social networks to gather information on persons of interest. The British Government, for example, has announced the creation of the 77th battalion, a cyber-unit composed of soldiers familiar with social media.

The use of tools like the Facebook Friends Mapper could improve the efficiency of cyber espionage campaigns over social media.

Using the Facebook Friends Mapper Chrome extension is very simple: once the extension is installed from the Chrome Web Store, open the Facebook profile of the user that you want to target, and the “Reveal Friends” option will appear on the Friends tab. At this point, you just have to click on “Reveal Friends” and Bang!

Update: 

It’s a fake Chrome extension and is not working. I am currently investigating how it works; it may be harmful for your social media websites.
