Expert Comments

Experts Reactions Facebook Portal Vulnerability

Expert(s): Security Experts
Expert(s): Security Experts

It has been reported that developer and digital explorer Jane Manchun Wong has discovered an unnerving “feature” in Facebook’s giant’s smart display. Wong has successfully added another user’s photo album to her own Portal’s Superframe. The problem is Facebook states that a person can only add photo albums to Portal’s screensaver that are part of their Facebook account. Wong reported this to Facebook, but she says the company doesn’t “think this is a security vulnerability.”

Experts Comments

October 31, 2019
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys
This is an example of how an incomplete threat model can allow users to gain access to information they otherwise shouldn’t have access to. Unless Mark Zuckerberg has granted permission to use his image to Jane Wong, for example by making the image public or adding her as a Friend, then she is effectively using this image without consent. With copyright and privacy laws varying by jurisdiction, properly securing access to personal data is an imperative for all organisations. While most.....Read More
This is an example of how an incomplete threat model can allow users to gain access to information they otherwise shouldn’t have access to. Unless Mark Zuckerberg has granted permission to use his image to Jane Wong, for example by making the image public or adding her as a Friend, then she is effectively using this image without consent. With copyright and privacy laws varying by jurisdiction, properly securing access to personal data is an imperative for all organisations. While most privacy laws currently don’t define PII to include likenesses, as any photographer knows – use of someone’s likeness often requires a license and release. Facebook allowing Portal users to gain access to anyone’s photo albums without proper rights management increases the risk for inappropriate usage. Effectively the premise being that if your users don’t know what you’re doing with their data – you increase business risk if something goes wrong!  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Utah Imaging Data Breach – Expert Comments

Telecoms Security Bill – What’s Missing?

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts