Skip to main content

Hack who outed Facebook flaw lifted by the Fuzz

An Australian journalist who published a story about a security flaw on Facebook has been interrogated by police.

Ben Grubb, poly-jobbing deputy technology editor at the Sydney Morning Herald, The Age and the Brisbane Times, wrote a report from the AusCERT IT security conference in which he told of how insecurity expert Christian Heinrich showed how to lift privacy-protected photos of the wife of fellow conference speaker director of HackLabs Chris Gatford.

Grubb wrote: “Heinrich demonstrated how he had, over about seven days, extracted the privacy-protected Facebook photos of Gatford’s wife via Facebook’s CDN. One photo was of Gatford sitting on the floor next to one of his children. Heinrich blurred out the child’s face but left Gatford’s in.”

Facebook uses content delivery networks (CDNs), based on external servers to which Heinrich appears to have gained access.

Not long after the yarn was published Grubb twitted: "I've been arrested by Queensland Police for a story I wrote today. They've also seized my iPad.

Queensland Police denied they'd arrested Grubb but confirmed he'd been interviewed and that they'd confiscated his iPad.

"I have been officially released from being under arrest. My iPad is still seized," Grubby said.