Your Privacy At Stake! Facebook & WhatsApp Hacked By Young Geeks.
Two incidents occurred last week involving the world’s most widely used social networking site, Facebook, and messaging app, WhatsApp, which show how vulnerable their security structures are and how easily our privacy can be attacked.
All Your Facebook Photos Could Be Easily Deleted
Laxman Muthiyah, a 22-year-old student from India, was able to delete the photo albums of any Facebook user using just 4 lines of code. It is as scary as it sounds!
A few days back, Laxman was playing around with Facebook’s Graph API and Facebook access tokens when he discovered this vulnerability. All that was needed was the unique access token which is assigned to every Facebook profile, which appears in the URL of all photos, albums and posts of that user.
He sent these 4 lines of code to Facebook’s API:
And Facebook’s servers replied back:
Or, in layman’s language, album deleted.
Here is a video uploaded by Laxman where he demonstrates this hack:
Since he had no evil intentions, he immediately contacted Facebook’s security team, which responded within 2 hours and rectified the security flaw.
The Facebook Bug Bounty Program, which rewards such reporting of security flaws, recognized the awesome work done by Laxman and rewarded him with $12,500.
There are more than 350 million images uploaded every day on Facebook, and there are 1.2 billion users of this website. Imagine the mayhem and destruction which Laxman could have caused with this exploit. The $12,500 reward is actually only a fraction of what the consequences could have been.
WhatsApp Or Stalking Tool?
A Dutch university student, Maikel Zweerink, has created an online tool called ‘WhatsSpy Public’, which can stalk any WhatsApp user, even if the strictest privacy settings have been activated.
Some of the activities of random WhatsApp users which can be tracked using this tool:
- Timeline depicting when the user changed their profile picture and status message
- How much time they were online; when they came online
- Comparing usage history of two users
- Status messages history; timeline of changes
According to Maikel, “the application is setup as a Proof of Concept that WhatsApp is broken in terms of privacy.”
Anyone can download this tool from the Internet, provided they can arrange a rooted Android phone or jailbroken iPhone and a SIM card number not used by WhatsApp.
At the time of writing, WhatsApp had not taken any action on this tool, and no further security measure had been announced to stop it from working.
Stalking has certainly been made super easy with this tool; but the question remains: Is our privacy so easy to breach and compromise?