Electronic keys and protection measures have not prevented privacy breaches on social media in Lebanon and worldwide, as evidenced by the frequent warnings about threats that endanger individuals’ security and exploit their personal data for extortion, bank fraud and other unlawful purposes.
During 2019, three students of the Lebanese University - Faculty of Sciences (Majd Dhainy, Hassan Badran and Hadi Zeineddin) discovered five security gaps in Facebook, WhatsApp and Instagram, which Facebook International recognized as violations. Following this, the three students were placed on the honor list, initially ranked 119 out of 190, a rank that was later raised to 75 out of 190.
The students Majd, Hassan and Hadi explained the gaps as follows:
Gap 1: located in Instagram groups, which are managed by a Group Admin who accepts and rejects requests. The gap enables anyone inside the group to reject requests to join Chatrooms.
Gap 2: located in the Question Sticker feature within Facebook Stories; the gap enables the attacker to respond to any question in the Story. Normally, a user may not respond to a question asked by another user unless they are friends on Facebook.
Gap 3: located in the Live Stream and Stories features of Instagram; the gap enables the attacker to disable the Live Stream feature and Notifications for the targeted user.
Gap 4: located in the Saved feature of Facebook; the gap enables the attacker to disable the “Saved” section for the targeted user.
Gap 5: this violation allows the attacker to bypass the WhatsApp screen password, make phone calls, and send and read messages.
For technical details of the gaps discovered and the Facebook Honor List, please visit the following links:
https://bugreader.com/majd
https://www.facebook.com/whitehat/thanks/