Facebook Helped Develop a Tails Exploit

2020-06-12 11:23

According to Vice, the FBI had tried to hack into Hernandez's computer but failed, as the approach they used "Was not tailored for Tails." Hernandez then proceeded to mock the FBI in subsequent messages, two Facebook employees told Vice.

Facebook had tasked a dedicated employee to unmasking Hernandez, developed an automated system to flag recently created accounts that messaged minors, and made catching Hernandez a priority for its security teams, according to Vice.

Facebook also never notified the Tails team of the flaw - breaking with a long industry tradition of disclosure in which the relevant developers are notified of vulnerabilities in advance of them becoming public so they have a chance at implementing a fix.

Sources told Vice that since an upcoming Tails update was slated to strip the vulnerable code, Facebook didn't bother to do so, though the social media company had no reason to believe Tails developers had ever discovered the bug.

I'm less okay with Facebook paying for a Tails exploit, giving it to the FBI, and then keeping its existence secret.

News URL

https://www.schneier.com/blog/archives/2020/06/facebook_helped.html

#exploit #facebook

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Facebook		29	0	11	46	54	111