Facebook should care more about privacy, security researchers say

10 Aug 2015

Following the revelations that have shown major flaws in Facebook’s privacy settings with regard to linking your mobile number, security experts are now calling for the company to get serious about protecting users.

The issue relates to Facebook and one security researcher’s discovery about the impact of a person’s profile being linked with their mobile phone number, which is by default set to public for people to find.

Using a simple algorithm, security engineer Reza Moaiandin was able to generate thousands of phone numbers, which when put through Facebook’s API for developers sent him back Facebook users’ personal data.

According to The Guardian, the biggest issue security researchers have with the revelation is that Facebook has not only been slow to react, but that people’s mobile phone numbers are set to public by default.

“If Facebook cares about its community, it should perhaps do more to lead them in the right direction – perhaps ensuring that users have to choose whether they want to make their phone numbers publicly accessible, rather than that being a default,” said computer security analyst Graham Cluley.

Facebook deny it is a vulnerability

Moaiandin had previously stated that he had made Facebook aware of the vulnerability back in April and July of this year, but Facebook had denied that it was a security vulnerability.

Both Moaiandin and other security researchers have called on the social network to implement a two-step encryption layer that would have prevented Moaiandin from exploiting the “Who can find me?” privacy setting.

A Facebook spokesperson has reiterated the company’s position that it offers all the necessary tools to allow someone to change the scope of their privacy settings as they see fit.

“The privacy of people who use Facebook is extremely important to us,” the spokesperson said.

“We have industry-leading proprietary network-monitoring tools constantly running in order to ensure data security and have strict rules that govern how developers are able to use our APIs to build their products. Developers are only able to access information that people have chosen to make public.”

Facebook privacy protest image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com