Skip to main content

Facebook has fixed a serious security bug

Facebook has fixed a serious security bug that could have been exploited by hackers to delete any video shared by anyone on their wall.


A new bug was discovered in the Facebook platform by the security researcher Dan Melamed, the flaw could be exploited to delete any video shared by anyone on their wall.
Dan Melamed explained that a similar issue was discovered in June 2016 by the Indian security researcher Pranav Hivarekar who demonstrated that was able to delete any video by exploiting a security issue that exits in the recently introduced video comment feature.
The new but discovered by Melamed allowed him to delete any video on Facebook shared by anyone without having any permission or authentication. The expert also discovered that was possible to disable commenting on the video of your choice.
“Back in June of last year I discovered a critical vulnerability that allows me to remotely delete any video on Facebook. In addition, I also had the ability to disable commenting on any video. This allows a bad actor the ability to delete videos on Facebook without permission or authentication.” states the blog post published by Melamed.
The expert detailed the steps to exploit the vulnerability. He first created a public event on the Facebook page and uploaded a video on the Discussion part of the event.
The expert analyzed a POST request while uploading a video using the Fiddler debugging proxy and noticed the presence of a Video ID that could be manipulated. Melamed discovered that was possible to replace the Video ID value of the video he uploaded with Video ID value of any other video, in turn, the platform responded with a server error (i.e. “This content is no longer available,“).
Despite the error message the new video was successfully posted and displayed on the user’s wall.
Once posted the video, Melamed deleted the event post and eventually deleted the attached video, this operation triggered the removal of the video from Facebook and the wall of the victim.
“You will also notice in the drop down section that there is the option to “Turn off commenting.” This allows you to disable commenting on the video of your choice,” Melamed writes.

Popular posts from this blog

Hack-Proof Satellite

Japan plan to develop a hack proof satellite system to protect transmissions between satellites and ground stations with a dynamic encryption of data. Japan’s Internal Affairs and Communications Ministry plans to develop a communications system to protect satellites from cyber attacks. The hack proof satellite system will protect transmissions between satellites and ground stations implementing a dynamic encryption of data. “With the proposed plan, the government aims to establish a secure communications network that is unique to Japan, for domestic security purposes and to spur investment in the private-sector aerospace industry.” reported the Water town Daily Times. The ambitious project of a hack proof satellite system is led by the National Institute of Information and Communications Technology under the jurisdiction of the ministry, it will involve government, industry and academic institutions. The goal is to propose the system for commercial purposes in five to 10
Read more

Hack the popular secure messaging applications WhatsApp and Telegram

A single picture could have been used by attackers to hack the popular secure messaging applications WhatsApp and Telegram. Security experts from checkpoint have discovered a vulnerability that was present in both messaging services. The hack only affected the browser-based versions of both WhatsApp and Telegram. The flaw affected the way both apps process images and multimedia files, in both cases they lack verifying the presence of malicious code inside the media files. This flaw, if exploited, would have allowed hackers to take over victims’accounts on any browser. The attackers would have exploited the issue to access victims’ personal and group conversations, videos, photos, and other shared files, contact lists, and much more. The attack starts by sending an image containing a hidden malicious code, the flaw is triggered when the victim clicks on the picture. “The exploitation of this vulnerability starts with the attacker sending an innocent looking file to the
Read more