Facebook mends security flaw that threatened users



The latest update to Facebook's mobile app has fixed a security flaw that could have seen users' mobile phone bills suddenly increase.

The vulnerability made it possible for scammers to cause a denial-of-service attack on the device or run up the victim's phone bill by transferring large amounts of data to and from the handset.

Researchers at a foundation in Argentina discovered the flaw, which lies in the way the app handles HTTP requests. As part of the video playback process, the app's HTTP server will accept requests from any client, making it vulnerable to attack.

"The application embeds a generic HTTP server component that is used as a caching proxy for playing video recordings. This server is misconfigured and accepts requests from any client, local or remote, allowing attackers to connect to it and use a victim's device as an open proxy. As a result, among other things, an attacker could carry out various forms of denial of service attacks such as filling up the device's storage or running up the subscriber's data transfer limit over 3G or LTE networks," the report said.

The update also fixes two other security flaws within the Facebook app, one that allows attackers to intercept video content and another that could leak audio recordings of chat messages. The latter issue was also present in the Facebook Messenger application for Android.

The Facebook app vulnerabilities were fixed with the release of version 13.0.0.13.14 earlier this month.
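The misconfiguration the report describes, an embedded caching proxy that accepts requests from any client, can be illustrated with the weak bind setting beside a hardened one. This is an added example, not Facebook's code and not the fix the company shipped; the bind addresses, the allowlisted host `video.example.com`, the `url` query parameter and the cache contents are all assumptions made for illustration.

```python
import ipaddress
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlsplit

# All values below are assumptions for illustration, not taken from the app.
WEAK_BIND = ("0.0.0.0", 0)        # any host on the same network can connect
HARDENED_BIND = ("127.0.0.1", 0)  # only processes on the device can connect
ALLOWED_UPSTREAM_HOSTS = {"video.example.com"}
CACHE = {"https://video.example.com/clip.mp4": b"constructed sample bytes"}

def is_loopback_peer(ip: str) -> bool:
    """True for 127.0.0.0/8 and ::1, including IPv4-mapped IPv6 loopback."""
    addr = ipaddress.ip_address(ip)
    return (getattr(addr, "ipv4_mapped", None) or addr).is_loopback

def upstream_allowed(url: str) -> bool:
    """Only HTTPS URLs on allowlisted hosts, so the proxy is never 'open'."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_UPSTREAM_HOSTS

class LoopbackOnlyServer(ThreadingHTTPServer):
    def verify_request(self, request, client_address):
        # Defence in depth: drop remote peers even if the bind address changes.
        return is_loopback_peer(client_address[0])

class CacheProxyHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        target = parse_qs(urlsplit(self.path).query).get("url", [""])[0]
        if not upstream_allowed(target):
            self.send_error(403, "upstream host not allowed")
            return
        body = CACHE.get(target)
        if body is None:  # offline example: a miss is not fetched from upstream
            self.send_error(404, "not cached")
            return
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass

def start_proxy(hardened: bool = True) -> ThreadingHTTPServer:
    cls, bind = (LoopbackOnlyServer, HARDENED_BIND) if hardened else (ThreadingHTTPServer, WEAK_BIND)
    server = cls(bind, CacheProxyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Binding to loopback addresses the "any client, local or remote" part of the report, while the upstream allowlist keeps even a local caller from using the component as a general-purpose proxy.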



