A Facebook
security vulnerability, which could have been exploited to activate a user's
webcam and record them without their knowledge, was closed off this summer, it
has been revealed.
Facebook paid
Indian research firm XY Security a $2,500 (UK£1,546, AUD$2,409)
"bounty" in July for discovering the issue and drawing the bug to its
attention, the social network has confirmed.
The flaw, which
Facebook said had never exploited by a potential 'Peeping Tom', could,
conceivably have troubled users who had already agreed to give Facebook
permission to access the camera.
Beyond that the
user would have to be 'tricked' into visiting a malicious page, then agree to
activate the camera - allowing the spy/pervert to begin recording.
Five times the going rate
Facebook must
have felt the threat was serious at it paid five times its usual rate to the
two researchers who reported the flaw.
"This
vulnerability, like many others we provide a bounty for, was only theoretical,
and we have seen no evidence that it has been exploited in the wild,"
Facebook spokesperson Josh Wolens told Bloomberg.
"Essentially,
several things would need to go wrong - a user would need to be tricked into
visiting a malicious page and clicking to activate their camera, and then after
some time period, tricked into clicking again to stop/publish the video."
Facebook is one
of many Silicon Valley heavyweights (other notables being Google and Mozilla)
who offer 'bug bounties', paying out millions to researchers who spot flaws and
potential dangers.
There will always be another hack. The only way to protect yourself from webcam
spying is with a webcam cover. C-SLIDE
is the best webcam cover on the market today buy one now.
No comments:
Post a Comment