Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl
— Joshua Maddux (@JoshuaMaddux) November 10, 2019
Buggy iOS Version
Responses to the tweet (as well as reactions to the news from other quarters) have varied, from those who believe that the feature could be slightly concerning to those who have assumed the worst and thrown Facebook under the bus once more. Given the company’s extensive history of data breaches and vulnerabilities.However, it has now been identified as the actions of a bug that affects iPhone users. Providing further clarity on his findings, Maddox claimed that he had discovered some issues on separate devices running on the iOS 13.2.2. According to him, this issue doesn’t affect iPhone devices running on the older operating system. Basically, only those who have upgraded their OS versions to the latest iOS 13 offering and have granted the app access to their microphones and cameras are vulnerable. It is widely believed that the bug is related to the “story” feature on Facebook and Instagram apps, which automatically opens the microphone and camera for users to take pictures and videos. A simple workaround for the bug has been identified as well; just go to the iOS settings and revoke the microphone and camera access that the Facebook app has.Today, while watching a video on @facebook, I rotated to landscape and could see the Facebook/Instagram Story UI for a split second. When rotating back to portrait, the Story camera/UI opened entirely. A little worrying… pic.twitter.com/7lVHHGedGf
— Neo QA (@neo_qa) November 2, 2019
Facebook Can’t Escape Data Issues
The vulnerability is the latest in a long line of gaffe that Facebook has committed over the past two years; gaffes which have consistently threatened the company’s standing among investors and users alike.Just last week, the company announced in a blog post that even after it had shut down its Groups system last year, some app developers still gained unsanctioned access to information about several members. Per the post, about 100 developers might have accessed user information since the rules were changed in April 2018, and at least 11 of those developers used member data in the past two months. Ideally, administrators on Facebook groups can use third party tools to manage their forums, thus giving these apps more information about the activities of the group. However, since the changes were made, developers were unable to see members’ names, profile pictures, and other unspecified profile data.Facebook’s Latest #Privacy Mishap:
— The Hacker News (@TheHackersNews) November 6, 2019
Social media company today revealed that a bug in its system unknowingly allowed 100 app developers to ‘improperly access’ data on members in certain Facebook groups.
Read more: https://t.co/bITr6uW1ob#infosec | #cybersecurity@Swati_THN pic.twitter.com/tPhGtNlebG
The Groups Application Program Interface was locked down as part of a general crackdown that was instituted in the wake of the Cambridge Analytica scandal. It added rules which required developers to get approval before using the API, before the system was relaunched with new features in July 2019.
What do you think about Facebook’s data issues? Let us know your thoughts in the comments below.
Images are courtesy of Twitter, Shutterstock, Pixabay.
Trusted
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.