A security flaw in Facebook could have let hackers access your private photos
Laxman Muthiyah found that any app could get access to private photos by exploiting a weakness in Facebook's API and pretending to be an app that is actually meant to view the photos.
Facebook has already patched the vulnerability, reportedly closing the security hole in 30 minutes by whitelisting the official apps that are meant to have access and blocking any others that could have used the vulnerability to reach images they weren't supposed to see.
There are large numbers of Facebook applications which use the user_photos permission to read users' public photos. A malicious app which you are using can read all of your private photos in a few seconds.
The problem of malicious apps accessing photos that are meant to remain private is one that has existed for a long time, and not just on Facebook. Last year, a Snapchat client was discovered to have been storing private photos and videos, and its database of images was hacked and posted online.
One reason why security researchers spend so long hunting for bugs in Facebook is the fact that it offers large cash rewards. Muthiyah received a $10,000 reward for his research.
Here's the message that Muthiyah received after Facebook fixed the flaw: