Facebook eliminated potential 'webcam spying' hack this summer
Research firm rewarded for discovering bug
A Facebook security vulnerability, which could have been exploited to activate a user's webcam and record them without their knowledge, was closed off this summer, it has been revealed.
Facebook paid Indian research firm XY Security a $2,500 (UK£1,546, AUD$2,409) "bounty" in July for discovering the issue and drawing the bug to its attention, the social network has confirmed.
The flaw, which Facebook said had never been exploited by a potential 'Peeping Tom', could conceivably have troubled users who had already agreed to give Facebook permission to access the camera.
Beyond that, the user would have to be 'tricked' into visiting a malicious page, then agree to activate the camera - allowing the spy/pervert to begin recording.
Five times the going rate
Facebook must have felt the threat was serious, as it paid five times its usual rate to the two researchers who reported the flaw.
"This vulnerability, like many others we provide a bounty for, was only theoretical, and we have seen no evidence that it has been exploited in the wild," Facebook spokesperson Josh Wolens told Bloomberg.
"Essentially, several things would need to go wrong - a user would need to be tricked into visiting a malicious page and clicking to activate their camera, and then after some time period, tricked into clicking again to stop/publish the video."
Facebook is one of many Silicon Valley heavyweights (other notables being Google and Mozilla) who offer 'bug bounties', paying out millions to researchers who spot flaws and potential dangers.
A technology journalist, writer and videographer of many magazines and websites including T3, Gadget Magazine and TechRadar.com. He specializes in applications for smartphones, tablets and handheld devices, with bylines also at The Guardian, WIRED, Trusted Reviews and Wareable. Chris is also the podcast host for The Liverpool Way. As well as tech and football, Chris is a pop-punk fan and enjoys the art of wrasslin'.