Facebook Bug Allows Malicious Users to Delete Anyone's Photos


Security researchers have discovered a dangerous Facebook bug that allows hackers and malicious users to delete users' photos without accessing their accounts. The vulnerability was found to be part of the recently implemented poll feature.

Facebook Bug Can Trigger Arbitrary Photo Deletion by Malicious Users

Facebook, the most important social media platform, has been found to contain yet another security vulnerability. An Iranian security expert disclosed a bug in the system that allows practically anyone to delete a photo (or another type of posted image) belonging to any Facebook user without needing access to their account. Following the investigation, the problem was traced to a new feature, the social network's poll function. The researcher discovered that Facebook's programmers introduced a flaw in the code that allows malicious users to manipulate the site into deleting the posted content.

The discovery comes as a surprise, as the poll feature was introduced earlier this month on both the desktop site and the mobile applications. Facebook's users use it to create polls and upload photos or animated GIF pictures to go alongside the proposed options. This procedure contains the vulnerable code, which is a flaw in the implementation.


How the Facebook Bug Works

The principle behind the discovered Facebook bug is pretty simple. Every time a user creates a poll on the site, the field values containing images are posted by sending a network GET request to the remote host location. Like other web components, every image is automatically assigned a certain component or ID. The security researcher found that if the image is changed, the exact ID is exposed in the poll itself.

Facebook relies heavily on a complex script engine that powers the site and allows users to execute commands on it if they have access to the necessary values and permissions. Since the image ID was exposed and the site allows command execution, the poll creator can effectively delete anyone's photo on Facebook by using the discovered image ID.
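The class of flaw described above is a missing object-level authorization check on a client-supplied ID. The following is an added example, not code from Facebook or from the researcher: a hypothetical in-memory model (the `Store` class, its method names and the sample users are all assumptions, as is the cascade that removes a poll's attached images when the poll is deleted) showing the flawed pattern beside the hardened one.

```python
# Added illustration: hypothetical in-memory model, not Facebook's code.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a request references an object the caller does not own."""


@dataclass
class Store:
    photos: dict = field(default_factory=dict)  # image_id -> owner user_id
    polls: dict = field(default_factory=dict)   # poll_id -> (creator, [image_id])

    def create_poll_unchecked(self, user, poll_id, image_ids):
        # Flawed pattern: image IDs from the request are trusted as-is.
        self.polls[poll_id] = (user, list(image_ids))

    def create_poll_checked(self, user, poll_id, image_ids):
        # Hardened pattern: each referenced ID must exist and belong to the caller.
        for image_id in image_ids:
            if self.photos.get(image_id) != user:
                raise Forbidden(f"image {image_id} is not owned by {user}")
        self.polls[poll_id] = (user, list(image_ids))

    def delete_poll(self, user, poll_id, recheck_owner):
        creator, image_ids = self.polls[poll_id]
        if creator != user:
            raise Forbidden("only the poll creator may delete the poll")
        del self.polls[poll_id]
        for image_id in image_ids:
            # Assumed cascade: attached images are removed with the poll.
            # Defence in depth: re-check ownership at the destructive step.
            if recheck_owner and self.photos.get(image_id) != user:
                continue
            self.photos.pop(image_id, None)


def demo():
    """Return the photo IDs that survive under each pattern."""
    results = {}
    for mode in ("unchecked", "checked"):
        store = Store(photos={101: "alice", 202: "bob"})  # constructed sample data
        try:
            create = getattr(store, f"create_poll_{mode}")
            create("bob", "p1", [202, 101])  # 101 belongs to alice, not bob
            store.delete_poll("bob", "p1", recheck_owner=(mode == "checked"))
        except Forbidden:
            pass
        results[mode] = sorted(store.photos)
    return results
```

The ownership test sits at both the point where the ID is accepted and the point where data is destroyed, so a reference that slips past one check is still stopped by the other.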

Similar abuse is not unknown to Facebook. In the past, web developers and security experts reported a Graph API technique that also allows deletion of photos from Facebook users without accessing their accounts directly. The reported incidents and vulnerabilities show that while the social network continues to grow by adding new features, it should focus more on tighter security and thorough code analysis. Fortunately, no abuse has been reported so far.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cybersecurity enthusiast, he enjoys writing about the latest threats and intrusion mechanisms.
