An Egypt-based security researcher has reported that the Facebook Camera app for mobile devices is vulnerable to man-in-the-middle attacks, which allow an attacker to tap the network and hijack Camera users' accounts; information such as email addresses and passwords can be stolen.
The researcher is Mohamed Ramadan, a trainer with Attack-Secure, who previously reported a similar vulnerability in the Etsy app for iPhone to us.
Mohamed explains: "The problem is that the app accepts any SSL
certification from any source, even evil SSL certifications, and this
enables any attacker to perform man in the middle attacks against anyone
who uses the Facebook Camera app for iPhone. This means that the
application doesn’t warn the user if someone in the same (Wi-Fi network)
is trying to hijack his or her Facebook account."
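
The flaw described in the quote above, a client that accepts any certificate, can be illustrated with Python's standard `ssl` module. This is an added example, not code from the Camera app or from the researcher; the function names are hypothetical, and the third context goes slightly beyond the report to show that verifying the chain without checking the hostname is also insufficient.

```python
import ssl

def insecure_context():
    """Python analog of the reported bug: every certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # chain of trust is never checked
    return ctx

def chain_only_context():
    """Verifies the chain but not the name: any valid cert for any host passes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def hardened_context():
    """Default client settings: trusted chain required and hostname checked."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx):
    """Return the reasons a client context would accept an interceptor's cert."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings

def require_safe(ctx):
    """Guard for code review or CI: refuse contexts with any finding."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("unsafe TLS client context: " + "; ".join(findings))
    return ctx

if __name__ == "__main__":
    for name, make in [("insecure", insecure_context),
                       ("chain-only", chain_only_context),
                       ("hardened", hardened_context)]:
        print(name, audit_context(make()) or "ok")
```
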
Facebook suggests that users upgrade the Camera application to version 1.1.2. A statement released by the company says: “We
applaud the security researcher who brought this bug to our attention
for responsibly reporting the bug to our White Hat Program. We worked
with the team to make sure we understood the full scope of the bug,
which allowed us to fix it and upgrade the Camera application without
any evidence that this bug was exploited in the wild. Users are only
vulnerable if they are using an unsecured or untrusted public wireless
network and an older version of the application.”
“As always, we remind all users to only connect to networks they
trust. Users can protect themselves by downloading the latest version of
the Camera app. Due to the responsible reporting of this issue to
Facebook, no one within the security community has evidence of account
compromise using this bug. We have provided a bounty to the researcher
to thank them for their contribution to Facebook Security.”