Facebook recently fixed a bug that would have let criminals turn on a person’s webcam and record them without their knowledge, according to Bloomberg. The Indian research firm XY Security found this vulnerability.
The hole that affected both Windows and Mac machines was reported to Facebook in July and shut down soon thereafter. Facebook spokesperson Fred Wolens confirmed to Bloomberg that the bug had not affected anyone in the billion-person social network.
Wolens explained that the bug only could have affected those who have previously gave Facebook permission to access that computer’s webcam. A criminal could then post a “malicious page” which would prompt the user to activate the webcam, which would start the recording process. The video could only be published if the user then went back to that page and deactivated the web cam, according to Wolens.
Seems like a farfetched attack process, but companies are right to be sensitive to any matters associated with the webcam. Stealing video of a person without their consent or knowledge brings concerns to a whole new level. It seems Facebook agrees and paid the researchers $2,500.
The social network participates in a bug bounty program, similar to its competitor, Google. The program allows anyone registered to poke around Facebook and find holes in the company’s code or code from external programs it may use that could lead to a security incident. The idea is to catch them with white hat hackers before the black hats take advantage of the situation.