Hacker finds Facebook flaw that exposes private information

Facebook has found itself engulfed in yet another hacking scandal, only this time, it’s scarier than a simple malware problem. A hacker has been able to exploit a major privacy flaw in the social networking giant’s OAuth permissions to access almost anyone’s private data.

Security hacker Nir Goldshlager described his exploits in a blog post, detailing how he went about working through a flaw in the website. The OAuth permission crops up every time an application needs some or all of your information to run smoothly on Facebook. When you hit the ‘Allow’ button on the site, the application gets access to information like your name, your age, your location and more. The app can even seek permission to post on your timeline on your behalf.

“I found a way in to get full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos, etc.) over the victim account even without any installed apps on the victim's account,” Goldshlager revealed. “By exploiting this flaw I could steal unique access tokens that provide me full control over any Facebook account,” he wrote.



Goldshlager was able to pull this off by manipulating the OAuth URL, which allowed him to redirect a user to a test application he had set up. The test application would then redirect the oblivious user to Goldshlager’s own site, where an access token would be stored.

A user usually needs to click on the ‘Allow’ button in order to let an application access his or her information. But Goldshlager was able to bypass this security process by going through Facebook’s messaging app. The message feature does not need a user to grant it any permission to access data, thereby cutting the user out of the process completely. The flaw continued to work until the user changed his or her password, Goldshlager noted.
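A defender's view of the two weaknesses described above, as an added example that is not from the original article or from Facebook's code: an authorization endpoint that matches `redirect_uri` exactly against what each client registered and restricts clients that skip the ‘Allow’ dialog. The registry, client names, URLs and the function `check_authorization_request` are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed client registry (assumption): each client lists the exact
# redirect URIs it registered and whether the 'Allow' dialog is skipped.
REGISTRY = {
    "first-party-messenger": {
        "redirect_uris": {"https://messenger.example/oauth/callback"},
        "preapproved": True,
    },
    "third-party-game": {
        "redirect_uris": {"https://game.example/cb"},
        "preapproved": False,
    },
}


def check_authorization_request(url, registry=REGISTRY):
    """Return (allowed, reason) for an OAuth authorization request URL."""
    query = parse_qs(urlsplit(url).query)
    client = registry.get(query.get("client_id", [""])[0])
    redirect_values = query.get("redirect_uri", [])
    response_type = query.get("response_type", [""])[0]

    if client is None:
        return False, "unknown client_id"
    if response_type not in ("code", "token"):
        return False, "unsupported response_type"
    # A repeated redirect_uri is ambiguous: reject instead of picking one.
    if len(redirect_values) != 1:
        return False, "redirect_uri must appear exactly once"
    redirect_uri = redirect_values[0]
    target = urlsplit(redirect_uri)
    if target.scheme != "https" or target.fragment or "@" in target.netloc:
        return False, "redirect_uri must be https without fragment or userinfo"
    # Exact string comparison: no prefix, subdomain or path-pattern matching.
    if redirect_uri not in client["redirect_uris"]:
        return False, "redirect_uri is not registered for this client"
    # A client that skips the consent dialog must not have a token placed
    # directly in the redirect URL; it only receives a one-time code.
    if client["preapproved"] and response_type != "code":
        return False, "pre-approved clients are limited to response_type=code"
    return True, "ok"
```
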

Thankfully, Goldshlager brought this flaw to Facebook’s notice, thereby earning himself a place in the company's White Hat Program hall of fame. “We applaud the security researcher who brought this issue to our attention and for responsibly reporting the bug to our White Hat Program,” a Facebook representative told Daily Dot. “We worked with Mr Goldshlager to make sure we understood the full scope of the vulnerability, which allowed us to fix it without any evidence that this bug was exploited in the wild. Due to the responsible reporting of this issue to Facebook, we have no evidence that users were impacted by this bug. We have provided a bounty to the researcher to thank them for their contribution to Facebook Security.”

Earlier this month, Facebook fell victim to a series of sophisticated attacks that had resulted in malicious software being installed on certain employees' laptops. The incident occurred when a handful of employees visited a mobile developer website that had been compromised.

The discovery was made by Facebook security in January but the social networking site was quick to point out that they had found "no evidence that Facebook user data was compromised."

Published Date: Feb 26, 2013 06:00 pm | Updated Date: Feb 26, 2013 06:00 pm