Facebook pics uploaded in the clear

By

Android app gaffe.

Facebook has closed a hole that allowed photos to be downloaded and uploaded over an insecure connection.

Facebook pics uploaded in the clear

The flaw affected the site's Android main mobile and messenger applications and meant user's pictures were sent over the HTTP protocol, in contravention of Facebook's bid to push all traffic via HTTPS.

Images sent over wireless networks could be intercepted by attackers sniffing the traffic. While the impact for users was likely low, users connecting to public networks were most at risk.

Researcher Mohamed Ramadan reported the flaw to Facebook and was paid $2000 for the efforts.

Concerned users should update their apps through the official Google Play Store.

"It is time to update your Facebook apps right now," Ramadan said.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

Melbourne dev finds gift card PINs can be brute-forced

Melbourne dev finds gift card PINs can be brute-forced

Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul

Department of Health to centralise SecOps model

Department of Health to centralise SecOps model

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

Log In

  |  Forgot your password?