Sunday, March 22, 2015
Facebook bug let third party apps peek at your private smartphone photos
The recently revised Facebook community standards page states that the social network is on a mission "to give people the power to share and make the world more open"; however, it appears that it may have been giving the wrong people the power to share stuff you thought was private. According to security researcher and bug bounty hunter Laxman Muthiyah, Facebook's photo sync feature came with a critical flaw which "allows any malicious Facebook application to read your mobile photos."

The vulnerability concerns Facebook's Photo Sync feature for mobile users, which was introduced back in 2012 but, because it was opt-in, might luckily have passed many users by. If you had turned it on, however, then any photos you took with the phone would automatically be uploaded to the Facebook cloud, where they would be stored for future use. That use could be including them in your Facebook postings, and the sync feature would in theory give you quicker access to all your images, or maybe it could be seen as a handy backup system in case anything happened to your phone.

The photos in the Facebook cloud were marked as private so could not be seen by anyone else, again in theory. In practice, third-party apps that you had authorised to access your mobile photos could see them as well.