Facebook eliminated potential 'webcam spying' hack this summer
30th Dec 2012 | 20:42
Research firm rewarded for discovering bug
A Facebook security vulnerability, which could have been exploited to activate a user's webcam and record them without their knowledge, was closed off this summer, it has been revealed.
Facebook paid Indian research firm XY Security a $2,500 (UK£1,546, AUD$2,409) "bounty" in July for discovering the issue and drawing the bug to its attention, the social network has confirmed.
The flaw, which Facebook said had never been exploited by a potential 'Peeping Tom', could conceivably have troubled users who had already agreed to give Facebook permission to access the camera.
Beyond that, the user would have to be 'tricked' into visiting a malicious page, then agree to activate the camera - allowing the spy/pervert to begin recording.
Five times the going rate
Facebook must have felt the threat was serious, as it paid five times its usual rate to the two researchers who reported the flaw.
"This vulnerability, like many others we provide a bounty for, was only theoretical, and we have seen no evidence that it has been exploited in the wild," Facebook spokesperson Josh Wolens told Bloomberg.
"Essentially, several things would need to go wrong - a user would need to be tricked into visiting a malicious page and clicking to activate their camera, and then after some time period, tricked into clicking again to stop/publish the video."
Facebook is one of many Silicon Valley heavyweights (other notables being Google and Mozilla) who offer 'bug bounties', paying out millions to researchers who spot flaws and potential dangers.