Facebook recently fixed a bug that would have let criminals turn on a person’s webcam and record them without their knowledge, according to Bloomberg. The Indian research firm XY Security found this vulnerability.
The hole that affected both Windows and Mac machines was reported to Facebook in July and shut down soon thereafter. Facebook spokesperson Fred Wolens confirmed to Bloomberg that the bug had not affected anyone in the billion-person social network.
Wolens explained that the bug only could have affected those who have previously gave Facebook permission to access that computer’s webcam. A criminal could then post a “malicious page” which would prompt the user to activate the webcam, which would start the recording process. The video could only be published if the user then went back to that page and deactivated the web cam, according to Wolens.
Seems like a farfetched attack process, but companies are right to be sensitive to any matters associated with the webcam. Stealing video of a person without their consent or knowledge brings concerns to a whole new level. It seems Facebook agrees and paid the researchers $2,500.
The social network participates in a bug bounty program, similar to its competitor, Google. The program allows anyone registered to poke around Facebook and find holes in the company’s code or code from external programs it may use that could lead to a security incident. The idea is to catch them with white hat hackers before the black hats take advantage of the situation.
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more