Facebook Patches Webcam Vulnerability After Receiving Hacker Tip

Saturday, 29 Dec 2012 06:41 PM

 

Share:
  Comment  |
   Contact Us  |
  Print  
|  A   A  
  Copy Shortlink
Facebook has patched a security vulnerability that would have allowed hackers to turn on users’ webcams without their knowledge and post videos to their profiles.

The bug was discovered in July by two computer-security researchers in India, according to Fred Wolens, spokesman for Facebook. Aditya Gupta and Subho Halder, founders of a consulting firm called XY Security, reported their findings to Facebook, which paid them $2,500 for the information, Bloomberg.com reported on its Tech Blog. Facebook seems to have deemed this particular bug as “serious” because the company paid five times its usual price, the two researchers said.

Facebook is one of a few technology companies — along with Google and Mozilla, maker of the Firefox browser — encouraging outsiders to hack into their products in return for payouts. Some companies, notably Microsoft, have shunned “bug bounties” because they might wind up rewarding criminals.

An investigation by Facebook when it fixed the webcam hole found that no users appeared to be affected, Wolens said.

“This vulnerability, like many others we provide a bounty for, was only theoretical, and we have seen no evidence that it has been exploited in the wild,” Wolens wrote in an e-mail. “Essentially, several things would need to go wrong — a user would need to be tricked into visiting a malicious page and clicking to activate their camera, and then after some time period, tricked into clicking again to stop/publish the video.”

Many companies choose to pay researchers such as XY Security for bugs because the alternative can be much worse. Such information can fetch high prices on the black market from criminals who try to find ways to shake down Internet surfers, costing site administrators more in the end.

Facebook’s “peeping Tom” bug could have been exploited on either Windows or Mac computers, the researchers said. The Facebook vulnerability found by XY Security was related to how the site verified requests to record and post webcam video, they said. People who had previously granted Facebook’s site access to their webcams would have been vulnerable, he said.

Facebook, Google and Mozilla have paid researchers more than $2 million combined through their bounty programs, according to the companies. Google has paid as much as $60,000 (plus a free laptop) for information about weaknesses in its Chrome Web browser, and Facebook has expanded its program to cover not only the Facebook site but also the company’s corporate network.

Before reporting the webcam bug to Facebook, Gupta and Halder had been building a reputation in the tech industry as professional bug-bounty hunters. The researchers, who are in their early-20s, had previously reported software vulnerabilities to Apple, Google, Microsoft and EBay's PayPal, they said.

© Copyright 2014 Bloomberg News. All rights reserved.

Share:
  Comment  |
   Contact Us  |
  Print  
  Copy Shortlink
Around the Web
Join the Newsmax Community
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
 
Email:
Retype Email:
Country
Zip Code:
 
Hot Topics
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
Around the Web
You May Also Like

HBO Strikes Deal with Amazon to Stream Shows

Wednesday, 23 Apr 2014 13:53 PM

Amazon will begin streaming some HBO shows to its premium customers next month, the companies said on Wednesday, in a mo . . .

Scientists Locate Shipwreck in San Francisco Bay

Wednesday, 23 Apr 2014 12:13 PM

Federal ocean scientists have found the wreckage of a steamship that sunk in San Francisco Bay in 1888, a disaster that  . . .

Spacewalking Astronauts Complete Urgent Repair Job

Wednesday, 23 Apr 2014 12:12 PM

Spacewalking astronauts replaced a dead computer outside the International Space Station on Wednesday and got their orbi . . .

Most Commented

Newsmax, Moneynews, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, NewsmaxWorld, NewsmaxHealth, are trademarks of Newsmax Media, Inc.

 
NEWSMAX.COM
America's News Page
©  Newsmax Media, Inc.
All Rights Reserved