TMCnet News
Cyberoam Discovers Flaw in Facebook Authorization Likely to Trigger Malicious AttacksJun 25, 2013 (Close-Up Media via COMTEX) -- Cyberoam, a network security appliances company, announced its Threat Research Labs (CTRL) has found a critical flaw in Facebook's access token authorization mechanism. According to a release, CTRL found this vulnerability while investigating an ongoing Facebook spam 'lady with razor-sharp axe'. Vulnerability researchers at CTRL reveal this security flaw allows attackers to perform a range of malicious activities such as uploading photos and videos, posting comments, pay with Facebook, publish content, and send SMS, read mailbox, tag friends' photos and more. With this, an attacker is able to perform nearly every task which a Facebook user can do and hence allows various malicious actions. "Ongoing Facebook spams such as 'lady with razor-sharp axe' tend to store stolen Facebook access tokens on their servers for further attacks or exploits. This attack is not limited only to tagging or uploading of photos. Upon clicking the link, Facebook users are unwittingly handing over complete access to their Facebook account, which remains available to attackers even after an affected user logs out from Facebook account," says Bhadresh Patel, lead vulnerability researcher at CTRL. Findings from CTRL identify a security vulnerability that allows cyber attackers to bypass Facebook's Access Token Authorization mechanism, the company said. This entitles cyber attackers to generate unauthorized yet valid access tokens. CTRL has already reported this vulnerability to Facebook and extensive investigation from CTRL would be revealed upon suitable reciprocation or release of security patch from Facebook. More information: www.cyberoam.com ((Comments on this story may be sent to [email protected])) |