Latest News

NSW' $969m single digital patient record at risk of cost overruns

QBE backs leadership and startup culture to deliver transformation

ATA asks fed gov to make triple zero "compliant" device list public

Australian teenagers ask High Court to block social media ban

TPG Telecom says disaster roaming deal with Telstra and Optus is close

Facebook pics uploaded in the clear

By Darren Pauli

Sep 19 2013 5:53PM

Android app gaffe.

Facebook has closed a hole that allowed photos to be downloaded and uploaded over an insecure connection.

Facebook pics uploaded in the clear

The flaw affected the site's Android main mobile and messenger applications and meant user's pictures were sent over the HTTP protocol, in contravention of Facebook's bid to push all traffic via HTTPS.

Images sent over wireless networks could be intercepted by attackers sniffing the traffic. While the impact for users was likely low, users connecting to public networks were most at risk.

Researcher Mohamed Ramadan reported the flaw to Facebook and was paid $2000 for the efforts.

Concerned users should update their apps through the official Google Play Store.

"It is time to update your Facebook apps right now," Ramadan said.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

android apps bug bounties facebook security

Partner Content

What Embracing the AI Platform Shift Really Means

Partner Content What Embracing the AI Platform Shift Really Means

How small audio upgrades can enhance your hybrid work and improve business ROI

Partner Content How small audio upgrades can enhance your hybrid work and improve business ROI

Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Partner Content Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

ElasticON Sydney 2025: Deriving value from your data with Search AI

Partner Content ElasticON Sydney 2025: Deriving value from your data with Search AI

Sponsored Whitepapers

Make cloud predictable again

Make cloud predictable again

Cut through the SASE confusion

Cut through the SASE confusion

AI Readiness Starts Here: Build a Future-Proof, Value-Driven AI Strategy with Brennan

AI Readiness Starts Here: Build a Future-Proof, Value-Driven AI Strategy with Brennan

Build the Infrastructure for Your AI Revolution

Build the Infrastructure for Your AI Revolution

2026 Engineering Reality Report

2026 Engineering Reality Report

Events

iTnews Executive Retreat - Security Leaders Edition

Most Read Articles

Labor bets on agency to monitor AI companies

Labor bets on agency to monitor AI companies

Australia, US and UK sanction Russian cyber firms over ransomware links

Australia, US and UK sanction Russian cyber firms over ransomware links

Startup finds flaws in popular VoIP products

Startup finds flaws in popular VoIP products

JPMorgan, Citi, Morgan Stanley client data may be exposed by vendor's hack

JPMorgan, Citi, Morgan Stanley client data may be exposed by vendor's hack

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories