A potential technical security bug has been spotted affecting Facebook users using iOS devices. The possible bug, specifically persistent in applications run through iOS 13.2.2 version of the operating system, opens the back camera of the users without authorization.
The problem has been spotted and reported by a number of Facebook users who have recently updated their iOS devices to the latest version of the operating system. Apple has released the most recent updated version for its latest iOS on November 8, the eighth update it has rolled out since September.
Several Facebook users took to Twitter to report a “weird” function that is happening in the app. The reports appear to be referring to a similar problem, which they said started after they have updated their operating system to the latest version.
According to one report, the problem happens when a user opens a photo uploaded by another account on their profile through the app. Users claimed that after going through someone else’s profile, by clicking on a picture (the profile picture, for example) and closing it afterward, the screen would skew the Facebook app a few centimeters to the right to open a small window. The small window appears to show the back camera of the phone or device being opened.
A Twitter user, Daryl Lasafin (@dzlasafin), said in a Twitter post: “Facebook app on iOS 13.2.2 opens my phone’s rear camera when I open a profile photo and swipe down to return (look at the little slit on the left of the video). Is this an app bug or an iOS bug?”
Lasafin noted that the same behavior could also be observed after opening any other photos on the Facebook app. Another Twitter user, Joshua Maddux (@JoshuaMaddux), also reported a similar discovery.
“Found a Facebook security and privacy issue. When the app is open, it actively uses the camera. I found a bug in the app that lets the camera open behind your feed,” Maddux wrote on Twitter.
Maddux added that the same problem persisted after uninstalling and reinstalling the app. Furthermore, he noted that disabling camera access for the app still shows a slit where the camera is supposed to be opened. The user also raised the possibility that the unauthorized opening of the rear camera of the device also opens and activates the built-in microphone of the iOS device.
For Maddux, his discovery is proof that Facebook is accessing users’ cameras and microphones without their authorization, and it poses a massive risk to people’s security and privacy.
“It’s how Facebook accesses your camera and microphone… This is proof that they are accessing your back camera. They may also be accessing the front camera. If they [Facebook] process that through a facial recognition [system], they could see your actual reaction to posts,” he added.
Z6Mag team also conducted our own investigation on the matter. It was discovered that the same problem is not persistent in iOS devices that are running on older versions of the operating system. Similarly, it appears that the bug is also not affecting Android versions of the app. It is still unclear whether or not the issue is a bug on Facebook’s app, or it is a bug with iOS. It could possibly be a zero-day involving both.
Note: We have already reported our discovery to Facebook, and we are still waiting for a response from the company. We will update this article once new information is uncovered regarding this potential vulnerability.