Meta focused on protecting users from bugs in 2022.

December 25, 2022

Meta introduced several new programs and features in 2022 designed to improve security and safety on its platforms, the company said in its year-end news release .

Last year, parent company Facebook and Instagram continued to focus on initiatives aimed at eliminating covert influence operations and spyware, as well as bug detection.

Reprisals against coordinated misbehavior
Amid concerns about Russian interference in the 2016 and 2020 U.S. presidential elections, social media platforms have been called upon to help eliminate outside influencers.

According to a Facebook press release , since 2017, Meta has prevented more than 200 covert influence operations using its Coordinated Inaccurate Behavior (CIB) policy. It also released details about these threats, including whether they came from commercial organizations, nation states or unknown groups.

“Sharing this information has enabled our teams, investigative journalists, government officials and industry colleagues to better understand and identify online security risks, including in the run-up to important elections,” Ben Nimmo, head of Global Threat Intelligence, and David Agranovich, director, Threat Disruptions, said in a statement.

Threats emanating from 68 countries using at least 42 languages were identified. The United States was the most commonly used country with 34 CIB operations, followed by Ukraine with 20 and the United Kingdom with 16.

Russia was the main source of these CIB networks, accounting for 34, and Iran had 28.

Countering the global threat of spyware
The social media titan also continues to focus on eliminating spyware. Its latest report on the threats of what it calls the “surveillance-for-hire industry” says it is a growing problem that indiscriminately targets people in an attempt to gather intelligence and hack into devices and accounts.

As part of its commitment to fighting these attackers, Meta has disabled accounts, blocked infrastructure from using its platforms and shared this data with policymakers, security researchers and other platforms.

It also notifies people who the company believes have been targeted, many of whom are often unaware they are at risk.
Expanded bug bounty
According to the press release , Meta’s bug bounty program has also expanded this year . Meta Quest Pro and Meta Quest Touch Pro controllers are now eligible for awards.

This program, launched in 2011, has generated more than 10,000 Meta software bug reports this year. According to the report, more than 750 of those have been awarded awards totaling more than $2 million.

Meta also put more emphasis on making its hardware technology more accessible to the research community in 2022. This included a focus on VR technology at BountyCon, the company’s annual conference for bug hunters.

At that conference, researcher Youssef Sammoud reported a problem in Meta Quest’s oAuth stream that could lead to a two-click account takeover. After fixing this problem, which Meta found showed no evidence of abuse, this report was awarded $44,250, including program bonuses.

What Meta expects in 2023
Meta’s security experts expect the company’s new focus on information sharing will allow it to identify and close CIB transactions faster, as they expect them to continue to target smaller services with lower levels of resources.