Researcher paid $60K for finding Facebook bug that let hackers spy on you
Software companies aren’t the only ones discovering bugs in their products. Security researchers often poke holes in well-known systems to find weaknesses, and when they do, they can sometimes profit handsomely.
That’s what being a bug bounty hunter is all about, and it’s a career that can pay off if you know what you’re doing. Tap or click here to see how much Apple will pay you to hack an iPhone.
Facebook recently awarded one of its largest bounties ever to a researcher from Google’s Project Zero team. With this bug, hackers could have spied on users’ microphones without getting caught. We’ll show you how much she earned, as well as how you can tell if your microphone is on using your operating system.
A bug bounty bonanza
Facebook awarded security researcher Natalie Silvanovich a staggering $60,000 bounty for discovering a flaw inside Messenger’s audio calls on Android devices. The flaw was part of the app’s data management system, and if left unpatched, hackers could have used it to start audio calls without users knowing.
According to Silvanovich’s bug report, exploiting the flaw takes a matter of seconds. She reported the issue to Facebook back in October, and the company quietly patched it behind the scenes. Users don’t need to update their apps to get the fix.
After receiving the reward, Silvanovich tweeted that she would be donating it to charity rather than keeping it. It’s not every day that you see a hero willing to fight hackers and help those in need.
Facebook generously awarded a bounty of $60,000 for this bug, which I’m donating to the @GiveWell Maximum Impact Fund https://t.co/JvZt9Fw4nx
— Natalie Silvanovich (@natashenka) November 19, 2020
How can I tell if an app is using my microphone?
By default, Android won’t tell you if the camera or mic is recording. But that doesn’t mean you can’t find out for yourself.
Check out the Access Dots app for Android to get a sneak peek at whether or not apps are spying. This free app will show an icon in the upper-right corner of your phone’s screen any time the camera or microphone is used.
Access Dots shows ads the first time you open the app. Once it’s set up, you won’t see ads because it runs in the background. You can also change the colors of the indicator icons to your liking.
Tap or click here for an in-depth look at the Access Dots app.
How do I stop an app from using my microphone in Android?
If you see the light on and want to stop your mic or camera from being used, swipe up to the middle of your screen from the bottom, then swipe your finger from left to right. On the left, tap Clear all. This will close all your apps at once.
Next, check your permissions. These directions may vary depending on the Android phone you use.
- Open the Settings app. Then, scroll down and tap Personal.
- Tap Privacy and Safety, followed by App Permissions.
- Tap Microphone or Camera and locate the app you want to turn the mic or camera off for. Toggle the slider to the off position.
Once your mic permissions are removed, you can relax and feel confident that your apps aren’t snooping on you. Just make sure to pay close attention to the dot in the upper-right corner of your screen the next time you boot up Messenger.
The issue was patched, but who knows the next time a bug like this will pop up.
Tap or click here to see how a popular messaging app leaked millions of private photos and files.
Tags: Android, Apple, Apple iPhone, camera, Facebook, Flaw, Google, hackers, Messenger, microphone, operating systems, permissions, privacy, Project Zero, security, security researcher