Freelance Word Punk

[THIS SITE IS NO LONGER BEING UPDATED - IF YOU HAVE ENDED UP HERE YOU ARE IN THE WRONG PLACE, PLEASE CLICK WWW.HAPPYGEEK.COM TO VIEW NEW CONTENT BY DAVEY WINDER]

Sunday, March 22, 2015

Facebook bug let third party apps peek at your private smartphone photos

The recently revised Facebook community standards page states that the social network is on a mission "to give people the power to share and make the world more open" however it appears that it may have been giving the wrong people the power to share stuff you thought was private. According to security researcher and bug bounty hunter Laxman Muthiyah Facebook's photo sync feature came with a critical flaw which "allows any malicious Facebook application to read your mobile photos." The vulnerability concerns Facebook's Photo Sync feature for mobile users, which was introduced back in 2012 but because it was an opt-in thing might have luckily passed many users by. If you had, however, have turned it on then any photos you took with the phone would automatically be uploaded to the Facebook cloud where they would be stored for future use. That use could be for including in your Facebook postings, and the sync feature would give you quicker access to all your images in theory, or maybe it could be seen as a handy backup system in case anything happened to your phone. The photos in the Facebook cloud were marked as private so could not be seen by anyone else, again in theory. In practise, third party apps that you had authorised to access your mobile photos could see them as well.
Newer Post Older Post Home

Blog Archive




Co-founder of IT Security Thing Ltd, Davey Winder is a three time winner of the Information Security Journalist of the Year award (2006/2008/2010) and received the prestigious Enigma Award for his lifetime contribution to information security journalism in 2011.



Simple theme. Powered by Blogger.