VPN Articles and News

New Facebook Flaw Allows Attackers To Gain Control Of Users’ Machines

Sunday, August 2nd, 2015

Security researcher David Sopas has discovered two new security flaws in Facebook which could have serious consequences for the social networking site’s users. The first vulnerability allows attackers to upload arbitrary files to the Facebook website; the second allows attackers to gain control of users’ machines under certain circumstances. The details of both issues were published on WebSegura.net, a Portuguese portal dedicated to computer security that Sopas manages together with his partners.

The first (and more serious) security issue allows attackers to plant a malicious file on a Facebook user’s computer and eventually gain control over it. The flaw is an instance of Reflected File Download (RFD), a relatively new web attack technique that is increasingly finding favor among attackers. The worrying part is that the download appears entirely legitimate and appears to originate from Facebook itself. Internally the flaw abuses the Graph API used by the social site and is triggered through browsers such as Internet Explorer, Opera or Chrome. It can also spread quickly across the Facebook community through malicious links sent in posts and messages.

While it may seem that the flaw could propagate on its own, in reality it requires significant input from the user. Facebook users still running older browsers (IE 8 or earlier) would need to download and execute the malicious file, while those on current versions would need to click a non-Facebook link and then download the file in order to fall prey to the attack. Explaining the methodology of the attack, Sopas said that because the download link looks like a secure URL and uses a trusted domain, users need to exercise extreme caution when downloading such files from the internet.
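The mitigations that take the teeth out of the RFD pattern described above are server-side: fix the download filename, disable MIME sniffing, and never reflect raw input into the JSON body. The following is an added example (not code from the article or from Facebook; the endpoint path, header choices and access-log lines are constructed assumptions) showing those hardening steps beside a simple log check for the tell-tale executable path trailer.

```python
import json
import re
from urllib.parse import urlsplit

# Executable extensions a victim would run after saving an RFD-style download.
RFD_EXTENSIONS = (".bat", ".cmd", ".exe", ".com", ".scr", ".vbs", ".ps1", ".sh")

# Characters that let reflected input close the JSON string and start a shell command.
_SHELL_BREAKOUT = re.compile(r'["|&;\r\n]')


def is_rfd_prone_url(url: str) -> bool:
    """True when the URL's last path segment ends in an executable extension.

    Typical RFD shape (constructed): /api/v1/search;/setup.bat?q=<reflected input>
    """
    last_segment = urlsplit(url).path.lower().rsplit("/", 1)[-1]
    return last_segment.endswith(RFD_EXTENSIONS)


def sanitize_reflected(value: str) -> str:
    """Strip the characters that would let a reflected parameter break out of a JSON string."""
    return _SHELL_BREAKOUT.sub("", value)


def hardened_json_response(payload: dict, reflected: str) -> tuple[dict, bytes]:
    """Build (headers, body) for an API reply that cannot become a runnable download."""
    body = json.dumps({"echo": sanitize_reflected(reflected), **payload}).encode("utf-8")
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        # A fixed filename means the browser ignores the ";/setup.bat" trailer when saving.
        "Content-Disposition": "attachment; filename=response.json",
        # No MIME sniffing, so the body is never reinterpreted as another type.
        "X-Content-Type-Options": "nosniff",
    }
    return headers, body


def flag_rfd_requests(log_lines: list[str]) -> list[str]:
    """Return request targets from combined-format access-log lines that look like RFD attempts."""
    hits = []
    for line in log_lines:
        match = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if match and is_rfd_prone_url(match.group(1)):
            hits.append(match.group(1))
    return hits


# Constructed sample log lines: one RFD-shaped request, one ordinary API call.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Aug/2015:10:00:00 +0000] "GET /api/v1/search;/setup.bat?q=x HTTP/1.1" 200 512',
    '203.0.113.6 - - [02/Aug/2015:10:00:01 +0000] "GET /api/v1/search?q=cats HTTP/1.1" 200 512',
]
```

Run `flag_rfd_requests(SAMPLE_LOG)` to see only the first request flagged; `hardened_json_response({}, '"||calc||')` shows the breakout characters stripped from the echoed value.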

The second security issue identified by Sopas allows attackers to upload dangerous files to Facebook servers simply by changing the file extension. The vulnerability abuses the Ads/Tools/Text_Overlay tool the social site uses to check whether uploaded images are compatible with the platform. Sopas said the flaw allows anyone to upload executable files to Facebook servers, or even to use the social site as a file repository. He added that he was able to transfer a batch file to Facebook without any difficulty and retrieve it later by logging into his Facebook account. Sopas advised Facebook users to inspect all links before clicking on them to stay safe from the vulnerability.

Although Sopas contacted Facebook as soon as he became aware of the two issues, the social site didn’t seem to be in a hurry to fix them. In fact, Facebook’s security team told him bluntly that it is nearly impossible to control the downloads or application formats in use on computers today. While Sopas remains hopeful that the flaws will be fixed in the near future, it is up to users to take precautions to stay safe from these two vulnerabilities.
