Home Technology Organisations Have Taken Advantage of Facebook’s Security Loophole!

Technology

Organisations Have Taken Advantage of Facebook’s Security Loophole!

Sep 12, 2017

You log onto Facebook and a page pops up on your newsfeed, considering a number of likes on it, you decide to follow it, thinking it’s legit right?

Wrong. Apparently, there’s a loophole in Facebook’s system that paves way for generating unauthentic likes and comments.

The loophole allows users to tap into a collusion network that generates automated fake likes and comments on posts, which in turn shows those particular posts higher up and more often as Facebook is believed to give higher weight to posts that generate more interactions.

This research came forth from Fareed Zaffar of Lahore University of Management Science and Shehroze Farooqi, Zubair Shafiq from The University of Iowa. They shared their findings with CBS News that they’d found dozens of sites operating fake ‘like’ networks.

“a thriving ecosystem of large-scale reputation manipulation services on Facebook that leverage the principle of collusion. Collusion networks collect OAuth access tokens from colluding members and abuse them to provide fake likes or comments to their members.”

‘OAuth’ allows an end user’s account information to be used by third-party services, such as Facebook, without exposing the user’s password.

Now the problem is that the ‘Collusion Networks’ generating these fake likes and comments are hard to track as they cleverly mix the fake accounts with the real ones.

Facebook said in a statement that the collusion networks have now been blocked.

‘We have addressed the activity described in this research and we are no longer seeing it on our platform,’ a spokesperson said.

They further added, ‘Meanwhile, we are investigating different techniques that could be used to generate inauthentic likes in smaller volumes. We will take the appropriate action to help ensure that connections and activity on our service are authentic”.

This team is the first to report large-scale OAuth access token abuse and has teamed up with Facebook in order to mitigate this problem. The group’s full findings will be presented on November 1 at the Association for Computing Machinery Internet Measurement Conference in London.

Stay tuned to Brandsynario for more updates.