Facebook pics uploaded in the clear

By on
Facebook pics uploaded in the clear

Android app gaffe.

Facebook has closed a hole that allowed photos to be downloaded and uploaded over an insecure connection.

The flaw affected the site's Android main mobile and messenger applications and meant user's pictures were sent over the HTTP protocol, in contravention of Facebook's bid to push all traffic via HTTPS.

Images sent over wireless networks could be intercepted by attackers sniffing the traffic. While the impact for users was likely low, users connecting to public networks were most at risk.

Researcher Mohamed Ramadan reported the flaw to Facebook and was paid $2000 for the efforts.

Concerned users should update their apps through the official Google Play Store.

"It is time to update your Facebook apps right now," Ramadan said.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia


Most Read Articles

Log In

  |  Forgot your password?