Bloomberg's Jordan Robertson reports that Facebook has patched a vulnerability that could have enabled attackers to turn on victims' webcams, then post recorded videos to their Facebook profiles.
"The bug was discovered in July by two computer-security researchers in India, according to Fred Wolens, a spokesman for Facebook," Robertson writes. "Aditya Gupta and Subho Halder, founders of a consulting firm called XY Security, reported their findings to Facebook, which paid them $2,500 in cash for the information, they said. Facebook seems to have deemed this particular bug as 'serious' because the company paid five times its usual price, the two researchers said."
"The flaw, which Facebook said had never been exploited by a potential 'Peeping Tom,' could conceivably have troubled users who had already agreed to give Facebook permission to access the camera," writes TechRadar's Chris Smith. "Beyond that the user would have to be 'tricked' into visiting a malicious page, then agree to activate the camera -- allowing the spy/pervert to begin recording."
"The social network participates in a bug bounty program, similar to its competitor, Google," writes VentureBeat's Meghan Kelly. "The program allows anyone registered to poke around Facebook and find holes in the company’s code or code from external programs it may use that could lead to a security incident. The idea is to catch them with white hat hackers before the black hats take advantage of the situation."
"All told, Facebook, Google, and Mozilla have paid more than $2 million to researchers for finding bugs," writes TweakTown's Trace Hagan.