Saturday, June 12, 2021

A coding error let attackers delete Facebook live videos

Facebook has fixed a programming error in its live video service that allowed attackers to remove videos without the user's permission.

On April 17, security researcher Ahmad Talahmeh published a statement outlining how the flaw works, along with proof-of-concept (PoC) code that can launch an attack.

Facebook Live Video allows users to stream and publish live broadcasts, a feature widely adopted not only by individuals but also by companies and organizations around the world, especially during the COVID-19 pandemic because of stay-at-home orders.

Owners can publish live streams on a page, group, or event. When the broadcast is over, users can trim the video to cut out unnecessary content from their streams, for example by trimming between timestamps.

Talahmeh found a flaw in this feature that allows a live video to be trimmed on behalf of its owner until it is removed, unexpected behavior that may have consequences for privacy and security.

According to the researcher, the problem lies in trimming the video down to five milliseconds.

“Cutting the video by five milliseconds will cause the video to be 0 seconds long and the owner will be able to delete it,” Talahmeh said.

After obtaining the live video ID and the current user ID, an attacker can send a crafted trim request for the video in order to remove it.
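As an added illustration (not code from Facebook or from the researcher's write-up), this Python example validates a trim request on the server side against the behaviour described above: the caller is checked against the video's owner, and a trim that would leave only a few milliseconds is refused. All names, the single-owner model and the one-second minimum are assumptions.

```python
from dataclasses import dataclass

# Assumed policy floor (not from the article): a trimmed video keeps at least 1 s.
MIN_KEPT_MS = 1000

@dataclass(frozen=True)
class Video:
    video_id: str
    owner_id: str
    duration_ms: int

@dataclass(frozen=True)
class TrimRequest:
    video_id: str
    start_ms: int
    end_ms: int

class TrimRejected(Exception):
    """Raised when a trim request must not be applied."""

def validate_trim(video: Video, req: TrimRequest, session_user_id: str) -> int:
    """Return the kept duration in ms, or raise TrimRejected.

    session_user_id must come from the authenticated session, never from a
    user ID supplied in the request body.
    """
    if req.video_id != video.video_id:
        raise TrimRejected("request targets a different video")
    if session_user_id != video.owner_id:
        raise TrimRejected("caller does not own this video")
    if not 0 <= req.start_ms < req.end_ms <= video.duration_ms:
        raise TrimRejected("trim range is outside the video")
    kept_ms = req.end_ms - req.start_ms
    # Compare in milliseconds: 5 ms truncated to whole seconds is 0.
    if kept_ms < MIN_KEPT_MS:
        raise TrimRejected("trim would leave %d ms of video" % kept_ms)
    return kept_ms

def outcome(video: Video, req: TrimRequest, session_user_id: str) -> str:
    """Helper for the constructed cases below: 'ok:<ms>' or 'rejected:<reason>'."""
    try:
        return "ok:%d" % validate_trim(video, req, session_user_id)
    except TrimRejected as exc:
        return "rejected:%s" % exc

if __name__ == "__main__":
    live = Video("v-100", "owner-1", 600_000)  # constructed sample video
    print(outcome(live, TrimRequest("v-100", 0, 5), "owner-1"))
    print(outcome(live, TrimRequest("v-100", 0, 90_000), "other-9"))
    print(outcome(live, TrimRequest("v-100", 30_000, 570_000), "owner-1"))
```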

Talahmeh reported his findings to the media giant on September 25, 2020. The issue was triaged within two hours and a patch was confirmed by Facebook three days later. The $11,000 bounty was awarded via BountyCon 2020, and two additional rewards, $1150 and $2300, were later paid by Facebook.

The bug bounty researcher has described how to remove any live video from the platform, a report that earned a $2875 bug bounty.

Talahmeh also discovered another security issue, affecting Facebook business pages and the updates that inform customers of changes made because of COVID-19, such as changes in opening times, delivery, or access to physical stores.

The "Coronavirus (COVID-19) Update From {page name}" update may be changed with analyst permissions, which are usually read-only, and the report earned Talahmeh $750.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
