Thursday, October 21, 2021

An error of coding results attacker will delete a live video of Facebook

Must Read

Web Page Layout Could Trick Users to Divulging More Information

Computer users may be manipulated into divulging more information than they'd normally simply from the design of pages, new...

Flash version was distributed in China after EOL installing adware

Although the Flash Player app has officially reached its final date on December 31, 2020, Adobe has allowed a...

Facebook fined in South Korea for sharing Consumer Information without Permission

The US technology giant shared the private information of 3.3 million consumers without their approval, the South Korean authorities...

Facebook has solved the problem of Programming errors on live video services that allow attackers to successfully remove video without the user’s permission.

On April 17, security researcher Ahmad Talahmeh published a statement outlining how the threat works, as well as a Proof-of-Concept (POC) code that can launch an attack.

Facebook Live Video allows users to stream and publish live streams, a feature widely accepted not only by individuals but also by companies and organizations around the world – especially during the COVID-19 epidemic due to home orders.

Owners can publish live streams on page, group, and event. When the broadcast is over, users can start cutting the video to cut out unnecessary content in their streams, such as rubbing between timestamps.

Talahmeh found a problem with this feature that allows live video to be cut in the name of the owners until it is removed, an unexpected behavior that may have consequences for privacy and security.

The problem lies in reducing the video to five milliseconds, according to the researcher.

“Cutting the video by five milliseconds will cause the video to be 0 seconds long and the owner will be able to delete it,” Talahmeh said.

After receiving the live video ID and current user ID, the code containing the combined video request to be cut can be sent to remove the video

Talahmeh reported his findings to the media giant on September 25, 2020. The issue was triaged within two hours and a patch was confirmed by Facebook three days later. The $ 11,000 bounty was released via BountyCon 2020 and two additional gifts, $ 1150 and $ 2300, were later donated by Facebook.

A bug bounty researcher has described how to remove any live video from the platform, a $ 2875 bug bounty report.

Also, another security issue surrounding Facebook business pages and updates informing customers of any changes made by COVID-19 – such as changes in opening times, delivery, or access to physical stores – was discovered by Talahmeh.

The system “Coronavirus (COVID-19) Update From {page name}” may be updated with analysts’ permissions – usually read-only – and the report received Talahmeh $ 750.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This