Last updated on August 18th, 2017
Image credits: ibtimes
Well, security researchers and other hackers search for bugs and vulnerabilities in popular platforms like Facebook and Windows. Some misuse a bug or vulnerability for their own profit, while others report it to the owners concerned, who can then start work on a patch. In 2014, Facebook thanked over a hundred security researchers for making a responsible disclosure to them. Those who report such bugs and help others make their systems secure are generally categorized as “whitehat” hackers and are termed security researchers.
The Facebook bug we are going to describe is not a serious one, according to the security researchers who found it recently. One of them, Deepak Kumar Nath, a security researcher acknowledged by Facebook, Microsoft, BlackBerry and numerous other IT giants, verified for us that this bug is not something serious.
Now let us look at the Facebook bug. This vulnerability is identified as CSRF. [A Cross-Site Request Forgery (CSRF) vulnerability is a type of attack that occurs when a malicious website, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.]
Normally, when you make a video call to someone on Facebook, you are directed to https://www.facebook.com/videocall/incall/
By examining this link, the hackers identified a parameter that lets you place a video call to anyone whose profile link is available to you.
After obtaining someone's profile link, the experts determined the ID behind that particular link and inserted that ID into a link that establishes a peer connection, making the video call possible.
The link https://www.facebook.com/videocall/incall/?peer_id= is used to make it happen. After the “=” sign they place a specific ID, which establishes a connection to call anyone, including Mark Zuckerberg.
Well, we won't share Mark Zuckerberg's ID, to avoid unintended legal action, because we are not authorized security researchers at the moment. So, you can figure out the link later for testing purposes.
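The core of the bug described above is that a plain GET request carrying a `peer_id` parameter is enough to start an action on behalf of the logged-in user, which is exactly the shape of request a CSRF defence is meant to block. The following is an added example, not Facebook's code and not code from the researchers: it models the endpoint in two forms, a minimal version that behaves the way the article describes, and a hardened version that only acts on a POST whose `Origin` matches the site and whose form carries a CSRF token bound to the caller's session. The request dictionaries, the `SERVER_SECRET`, the session ID and the `PEER_ID_PLACEHOLDER` value are all constructed for the demo.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

# Constructed demo secret and trusted origin; in a real service the secret comes from
# a key store and the origin list from configuration. Not Facebook's values.
SERVER_SECRET = b"constructed-demo-secret-not-real"
TRUSTED_ORIGIN = "https://www.facebook.com"


def csrf_token_for(session_id: str) -> str:
    """Derive a per-session CSRF token as HMAC(secret, session_id).

    Binding the token to the session means the server needs no extra storage and a
    token stolen from one session is useless in another.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_start_call(request: dict) -> tuple:
    """Models the behaviour the article describes: any request to the in-call URL that
    carries a peer_id starts a call, whatever the method, origin or token."""
    query = parse_qs(urlparse(request["url"]).query)
    peer = query.get("peer_id", [None])[0]
    if peer is None:
        return ("ignored", None)
    return ("call_started", peer)


def hardened_start_call(request: dict) -> tuple:
    """Same endpoint with standard CSRF defences applied in order:
    1. state changes only on POST, so a bare link or image tag cannot trigger them;
    2. the Origin header must be the site itself;
    3. the form must carry the token bound to the caller's session.
    """
    if request["method"] != "POST":
        return ("rejected_method", None)
    if request["headers"].get("Origin") != TRUSTED_ORIGIN:
        return ("rejected_origin", None)
    expected = csrf_token_for(request["session_id"])
    provided = request["form"].get("csrf_token", "")
    # Constant-time comparison so token checking does not leak timing information.
    if not hmac.compare_digest(expected, provided):
        return ("rejected_token", None)
    peer = request["form"].get("peer_id")
    if not peer:
        return ("ignored", None)
    return ("call_started", peer)


# Constructed sample requests. The browser always attaches the victim's session cookie,
# which is why session_id is present even on the cross-site request.
CROSS_SITE_GET = {
    "method": "GET",
    "url": "https://www.facebook.com/videocall/incall/?peer_id=PEER_ID_PLACEHOLDER",
    "headers": {"Origin": "https://third-party.example"},
    "session_id": "sess-123",
    "form": {},
}

LEGITIMATE_POST = {
    "method": "POST",
    "url": "https://www.facebook.com/videocall/incall/",
    "headers": {"Origin": TRUSTED_ORIGIN},
    "session_id": "sess-123",
    "form": {"csrf_token": csrf_token_for("sess-123"), "peer_id": "PEER_ID_PLACEHOLDER"},
}

FORGED_POST_BAD_TOKEN = {
    "method": "POST",
    "url": "https://www.facebook.com/videocall/incall/",
    "headers": {"Origin": TRUSTED_ORIGIN},
    "session_id": "sess-123",
    "form": {"csrf_token": csrf_token_for("other-session"), "peer_id": "PEER_ID_PLACEHOLDER"},
}


def demo() -> dict:
    """Run each sample request through both handlers and return the outcomes."""
    return {
        "vulnerable/cross_site_get": vulnerable_start_call(CROSS_SITE_GET),
        "hardened/cross_site_get": hardened_start_call(CROSS_SITE_GET),
        "hardened/legitimate_post": hardened_start_call(LEGITIMATE_POST),
        "hardened/bad_token_post": hardened_start_call(FORGED_POST_BAD_TOKEN),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The cross-site GET starts a call in the vulnerable handler and is rejected at the first check in the hardened one; a POST that passes the Origin check but carries a token from a different session is still refused. In a deployed service the same endpoint would also set the session cookie with `SameSite=Lax` or `Strict`, so that the browser does not attach it to cross-site requests in the first place, and the token check would remain as defence in depth.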