Facebook introduced new settings designed to make it easier for cyber experts to test the security of its mobile applications.
Facebook has announced the implementation of new settings to make it easier for white hat hackers to test the security of its mobile applications.
To protect Facebook users, the company's mobile apps implement security mechanisms such as certificate pinning, which ensures the integrity and confidentiality of the traffic sent from the user's device to Facebook servers.
While measures like certificate pinning improve the overall security of the platform, they make it harder for experts to test Facebook mobile apps for server-side security bugs.
Facebook has decided to introduce new settings that white hat hackers can change on their own accounts so that they can inspect network traffic associated with the Facebook, Messenger, and Instagram applications during testing sessions.
“Today we are pleased to announce that we heard the feedback and implemented a means for security researchers to analyze network traffic on Facebook, Messenger and Instagram Android applications on their own accounts for bug bounty purposes,” reads the announcement published by Facebook.
“We advise turning these settings off while not testing our website for security vulnerabilities.”
Security experts who want to test the security features of the Facebook mobile apps have to enable the “Whitehat settings” in the web-based version of Facebook and then in the mobile application.
Once users have enabled the ‘Whitehat Settings,’ a button is displayed in the selected app’s menu and an alert is displayed at the top of the screen to warn that traffic may be monitored.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.