Egyptian Hacker Found Loophole In Facebook’s Camera App That Allowed Hackers To Hijack Accounts Over WiFi
Mohamed Ramadan, an Egypt-based security researcher and trainer with Attack-Secure, discovered a security loophole in the Facebook Camera iOS app. Older versions of the app, pre-1.1.2 and released before December 21, have the problem. When the app is used over WiFi networks, malicious hackers can tap the network and hijack Camera users’ accounts, picking up information like email addresses and passwords in the process.
“The problem is the app accepts any SSL certification from any source, even evil SSL certifications, and this enables any attacker to perform a Man in the Middle attack against anyone who uses the Facebook Camera app for iPhone. This means that the application doesn’t warn the user if someone in the same [WiFi network] is trying to hijack his Facebook account,” Mohamed told TechCrunch.
Facebook confirmed the issue and thanked Mohamed for his discovery. It also rewarded him with USD 3,000.
Mohamed has also found and reported vulnerabilities for Apple, Google, Zynga, GitHub, RedHat, Nokia Siemens and Etsy.