Facebook Portal bug lets users display others\' pictures without permission

App analyst Jane Manchun Wong has uncovered a security loophole in Facebook Portal that allows users to add another user's photo album to their own Superframe, without permission.

Facebook states that users can only add photo albums to the smart display's screensaver (Superframe) that are part of their Facebook account. However, in her test, Wong was able to add Facebook CEO Mark Zuckerberg's picture to her album, Fast Company reports.

What is more unnerving is that Facebook doesn't consider it as a security vulnerability and that once a picture is added to the Superframe album, there's no way to remove it.