Up until recently, Nir Goldshlager had access to anyone’s Facebook page.
On Thursday, the security hacker took to his personal blog to detail how he was able to exploit a flaw in the Facebook OAuth, a service used by developers to get permission from subscribers of the social networks in order to properly run their applications on the platform.
For example, if you wanted to accept an invitation to play Words With Friends via the social network platform, Facebook would require you to give the developer of the game consent to access your information via an authorization page.
“I found a way in to get full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos, etc.) over the victim account even without any installed apps on the victim account,” Goldshlager boasts.
He was able to accomplish this by modifying the OAuth URL, which allowed him to redirect a user to a test application he set up. That application would then redirect the victim to his own site, where an access token would be store.
In order to access an individual’s information, that person would still have to click the “Allow” button. He was able to bypass this security feature—cut out the victim from the process entirely—by going through Facebook’s messaging app, which doesn’t require a user to grant it permission.
Goldshlager also noted that the flaw would work until the victim changed his or her password.
In addition to his blog, the hacker also created a video detailing the exploit.
A Facebook spokesperson told the Daily Dot that they were aware of the issue and had fixed it after Goldshlager brought it to their attention.
“We applaud the security researcher who brought this issue to our attention and for responsibly reporting the bug to our White Hat Program,” the company representative said.
The White Hat Program is a bounty system that encourages developers to report any potential vulnerabilities in return for a monetary reward. A recent example of this was the “peeping tom” bug, which would have allowed hackers to turn on a user’s webcam to record and post videos on their behalf.
“We worked with Mr Goldshlager to make sure we understood the full scope of the vulnerability, which allowed us to fix it without any evidence that this bug was exploited in the wild,” Facebook’s spokesperson added. “Due to the responsible reporting of this issue to Facebook, we have no evidence that users were impacted by this bug. We have provided a bounty to the researcher to thank them for their contribution to Facebook Security.”
Facebook did not disclose the monetary amount of the bounty. The hacker’s name has been added to the social network’s White Hat Program acknowledgement page.
Photo via Facebook