Thursday, August 5, 2021

Coding error lets an attacker delete a Facebook live video

Facebook has fixed a programming error in its live video service that allowed attackers to remove a video without the user's permission.

On April 17, security researcher Ahmad Talahmeh published a write-up outlining how the flaw works, along with proof-of-concept (PoC) code that can launch the attack.

Facebook Live Video allows users to stream and publish live streams, a feature widely adopted not only by individuals but also by companies and organizations around the world, especially during the COVID-19 epidemic because of stay-at-home orders.

Owners can publish live streams on a page, group, or event. When the broadcast is over, users can trim the video to cut out unnecessary content from their streams, such as by scrubbing between timestamps.

Talahmeh found a problem with this feature that allows a live video to be trimmed on behalf of its owner to the point where it is removed, an unexpected behavior that may have consequences for privacy and security.

The problem lies in trimming the video to five milliseconds, according to the researcher.

“Cutting the video by five milliseconds will cause the video to be 0 seconds long and the owner will be able to delete it,” Talahmeh said.

Once the live video ID and the current user ID have been obtained, a trim request that combines them can be sent to remove the video.
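A server-side check for the trim request described above, as an added example that is not Facebook's code or the researcher's PoC. It assumes a hypothetical `validate_trim` handler, a one-second minimum length, and durations stored in whole seconds; it rejects requests whose user ID differs from the authenticated session and trims that would leave a 0-second video.

```python
from dataclasses import dataclass

MIN_DURATION_S = 1  # assumed policy: a trimmed video keeps at least one whole second


class TrimRejected(Exception):
    """A trim request failed authorization or validation."""


@dataclass
class Video:
    video_id: str
    owner_id: str
    duration_ms: int


def validate_trim(video, session_user_id, claimed_user_id, start_ms, end_ms):
    """Return the remaining duration in ms, or raise TrimRejected."""
    # Authorize against the authenticated session, not an ID carried in the request.
    if claimed_user_id != session_user_id:
        raise TrimRejected("user ID in request does not match session")
    if session_user_id != video.owner_id:
        raise TrimRejected("caller does not own this video")
    # The trim window must lie inside the original recording.
    if not 0 <= start_ms < end_ms <= video.duration_ms:
        raise TrimRejected("trim window outside the video")
    remaining_ms = end_ms - start_ms
    # Validate the length as stored (assumed: whole seconds), so a trim of a few
    # milliseconds cannot round down to a 0-second video.
    if remaining_ms // 1000 < MIN_DURATION_S:
        raise TrimRejected("trim would leave a zero-length video")
    return remaining_ms


def trim_decision(video, session_user_id, claimed_user_id, start_ms, end_ms):
    """Wrap validate_trim so callers and logs get (verdict, detail)."""
    try:
        return "accepted", validate_trim(video, session_user_id, claimed_user_id, start_ms, end_ms)
    except TrimRejected as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    video = Video("v1", "alice", 60_000)  # constructed sample data
    print(trim_decision(video, "alice", "alice", 0, 5))
    print(trim_decision(video, "mallory", "alice", 0, 30_000))
    print(trim_decision(video, "alice", "alice", 5_000, 35_000))
```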

Talahmeh reported his findings to the media giant on September 25, 2020. The issue was triaged within two hours and a patch was confirmed by Facebook three days later. The $11,000 bounty was awarded via BountyCon 2020, and two additional payments, $1150 and $2300, were later made by Facebook.

A bug bounty researcher has described how to remove any live video from the platform, a bug bounty report worth $2875.

Talahmeh also discovered another security issue, this one involving Facebook business pages and the updates that inform customers of changes made because of COVID-19, such as changes in opening times, delivery, or access to physical stores.

The “Coronavirus (COVID-19) Update From {page name}” system may be updated with analyst permissions, which are usually read-only, and the report earned Talahmeh $750.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

