Date: 2022-02-11

The team at Quantika14, a computer expertise company from Seville, has found a security flaw in the automatic image analysis of Facebook, the social network owned by Meta. Facebook has an image description system, designed for its blind users, which works through artificial intelligence.

This security flaw in Facebook would allow external companies to obtain data from users of the social network for commercial purposes.

It is precisely in this system, supposedly suppressed by Facebook last November, that Quantika14 has found the bug. Through this mechanism, the platform performs a deep analysis of the images, detecting faces, words and even car license plates. All of this data is displayed in an “ALT” attribute and can be collected automatically to build information packages from it.

The code used by this tool is designed so that the data associated with a particular element can be extended without that data needing to have a defined meaning. Its attributes make it possible to store additional information about any HTML element without resorting to more complex analysis.

The indiscriminate and automated use of this system may entail a violation of users' right to privacy. This mechanical analysis of the data allows it to be extracted en masse.

Taking advantage of this Facebook security bug, any company could monitor the photos that a user uploads to their wall. Using a simple script, it would be possible to spy on and extract millions of data points from the profile of any Facebook user in the world, tracing the behavioral model of users on a large scale.

It is known that Meta sells data packages with relevant information about its users to third parties, who use them for commercial purposes. However, this security flaw would mean that any individual or organization could extract this data en masse without Meta’s supervision and without paying the company for it.

