Facebook has been ramping up the security of the social network to ensure the privacy as well as security of user data. However, it seems that the security measures were focused more on the regular website, with the mobile website being ignored on the way. A security researcher has now discovered a major flaw in the latter; one which could compromise the data of millions of users.
Suriya Prakash is a security enthusiast and he is the one who discovered the vulnerability in Facebook’s mobile site. Prakash said that he alerted Facebook about the flaw but the social network giant didn’t attend to his discovery.
According to him, “About a month ago I was just browsing Facebook on my Facebook mobile application and it had an option called ‘Find friends using contacts’ — what it does is that it compares the contact list from your phone to the Facebook database to see if you have any friends that are in your contacts but not on your Facebook account.”
Prakash further says that he realized that by simply searching any person’s phone number, he could view that person’s account. He then wrote a script which automatically populated his phone book and then used this phone book to view the accounts of thousands of people. The script kept running for four days straight without any qualms and only then did Facebook realize the activity that was going on.
Facebook, on the other hand, released a statement saying, “Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked. We are constantly updating these systems to improve their effectiveness and address new kinds of attacks.”
Courtesy: Hot Hardware