
There's a hole in Facebook's security that leaves you open to attackers

But you can fix it pretty easily.

Image: Dominic Lipinski/Press Association Images

FACEBOOK HAS A security flaw which would allow someone to access all your personal data just by guessing your mobile number.

The exploit, which would expose data like your name, location and images, was discovered by Reza Moaiandin, the technical director at SEO company Salt Agency, by accident.

While most of this data is publicly available, the concern is that it could be combined with other data, revealing more about the user, and then sold off.

So what’s the issue?

The issue is down to Facebook allowing you to search for anyone by putting their phone number into a search box.

If someone had knowledge of how the exploit worked, they could set up a script to automatically put in all possible number combinations, and discover each user’s Facebook user ID.

That information can be placed in Facebook’s GraphQL, which Facebook uses to organise its data, and highlight all the information the site has on these users.

The information in question is usually available to the public, but Moaiandin’s fear is that by collecting all of this data on a large scale, it could easily be combined with other stolen data, revealing more about the user, before it’s sold on.

Is Facebook doing anything about this?

Moaiandin contacted Facebook about the flaw back in April and while he received a reply, the engineer he was in contact with was unable to reproduce the issue. After a few months had passed and Facebook didn’t consider it a security vulnerability, he decided to make it public as a way to catch Facebook’s attention.

He believes that Facebook can fix the problem by limiting the requests from a single user, and detecting patterns, as well as pre-encrypting all of its data.
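
The first two mitigations Moaiandin suggests, limiting requests from a single user and detecting patterns, are sketched below as an added example; it is not code from the article or from Facebook. The class name, thresholds, client labels and phone numbers are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LookupGuard:
    """Per-client guard for a phone-number lookup endpoint (hypothetical)."""

    def __init__(self, max_requests=5, window=60.0, max_adjacent=3):
        self.max_requests = max_requests    # lookups allowed per window
        self.window = window                # sliding window length, seconds
        self.max_adjacent = max_adjacent    # adjacent-number pairs tolerated
        self.history = defaultdict(deque)   # client -> deque of (time, number)

    def check(self, client, number, now):
        """Return 'allow', 'rate_limited' or 'enumeration' for one lookup."""
        events = self.history[client]
        # Drop lookups that have fallen out of the sliding window.
        while events and now - events[0][0] > self.window:
            events.popleft()
        # Refused lookups are recorded too, so retrying does not reset state.
        events.append((now, int(number)))
        if self._adjacent_pairs(events) >= self.max_adjacent:
            return "enumeration"
        if len(events) > self.max_requests:
            return "rate_limited"
        return "allow"

    @staticmethod
    def _adjacent_pairs(events):
        # Pattern check: how many distinct looked-up numbers differ by
        # exactly 1, the signature of walking through a number range.
        nums = sorted({n for _, n in events})
        return sum(1 for a, b in zip(nums, nums[1:]) if b - a == 1)

# Constructed sample lookups: (client, phone number searched, time in seconds).
SAMPLE = [
    ("client-a", "0855550100", 0.0),
    ("client-a", "0855550101", 0.5),
    ("client-a", "0855550102", 1.0),
    ("client-a", "0855550103", 1.5),   # fourth consecutive number
    ("client-b", "0855550142", 2.0),
    ("client-b", "0855550177", 30.0),  # unrelated numbers, low volume
]

def replay(log, guard=None):
    """Run a lookup log through the guard; return (client, decision) pairs."""
    guard = guard or LookupGuard()
    return [(client, guard.check(client, num, t)) for client, num, t in log]

if __name__ == "__main__":
    for client, decision in replay(SAMPLE):
        print(client, decision)
```
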

So how can I protect myself?

If you go into settings, and then privacy, you will be presented with a subheading saying ‘Who can look me up?’. Go into the section concerning your phone number and change your status from ‘Everyone’ to ‘Friends’ if it’s not already changed.


About the author:

Quinton O'Reilly
