BreachExchange mailing list archives

Facebook Camera App Vulnerable to Man in The Middle Attack


From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Wed, 26 Dec 2012 11:45:23 -0600

http://thehackernews.com/2012/12/facebook-camera-app-vulnerable-to-man.html

An Egypt-based security researcher reported that the Facebook Camera
app for mobile devices is vulnerable to a man-in-the-middle attack
that allows an attacker to tap the network and hijack Camera users'
accounts; information such as email addresses and passwords can be
stolen.

Mohamed Ramadan is a trainer with Attack-Secure who previously
reported to us a similar vulnerability in the Etsy app for iPhone.

Mohamed explains, "The problem is that the app accepts any SSL
certification from any source, even evil SSL certifications, and this
enables any attacker to perform man in the middle attacks against
anyone who uses the Facebook Camera app for iPhone. This means that
the application doesn’t warn the user if someone in the same (Wi-Fi
network) is trying to hijack his or her Facebook account."

Facebook advises users to upgrade the Camera application to version
1.1.2. A statement released by the company says, "We applaud the
security researcher who brought this bug to our attention for
responsibly reporting the bug to our White Hat Program. We worked with
the team to make sure we understood the full scope of the bug, which
allowed us to fix it and upgrade the Camera application without any
evidence that this bug was exploited in the wild. Users are only
vulnerable if they are using an unsecured or untrusted public wireless
network and an older version of the application."

"As always, we remind all users to only connect to networks they
trust. Users can protect themselves by downloading the latest version
of the Camera app. Due to the responsible reporting of this issue to
Facebook, no one within the security community has evidence of account
compromise using this bug. We have provided a bounty to the researcher
to thank them for their contribution to Facebook Security."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
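
The flaw described in the message above, a TLS client that accepts any certificate, shown beside a verifying configuration with a check that tells them apart. This is an added example, not code from the original post, the researcher or Facebook; it uses Python's standard ssl module rather than the app's iOS code, and all function names are hypothetical.

```python
import ssl


def build_permissive_context():
    """Client context with the reported flaw: any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can be set to CERT_NONE.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # the certificate chain is never validated
    return ctx


def build_verifying_context():
    """Client context that validates the chain against the system trust
    store and checks that the certificate matches the requested hostname."""
    return ssl.create_default_context()


def audit_client_context(ctx):
    """Return a list of findings; an empty list means the context will
    refuse a certificate presented by an untrusted party on the network."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings


def require_verified(ctx):
    """Gate to call before any connection is opened (for example in a
    client factory or a unit test): raise if validation is disabled."""
    findings = audit_client_context(ctx)
    if findings:
        raise ssl.SSLError("insecure TLS client context: " + "; ".join(findings))
    return ctx


if __name__ == "__main__":
    for name, build in (("permissive", build_permissive_context),
                        ("verifying", build_verifying_context)):
        print(name, audit_client_context(build()) or "ok")
```
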