Vulnerability in Facebook Messenger could have allowed attackers to manipulate chats
A vulnerability in Facebook’s Messenger application could allow attackers to secretly manipulate a conversation in the app, a security firm has discovered.
Researchers at Check Point Software Technologies Ltd. discovered the man-in-the-middle flaw in the app, saying that utilizing it makes it possible to modify or remove any sent message, photo, file, link, and much more, potentially allowing a malicious user to manipulate message history as part of a fraud campaign.
The vulnerability was due to the way Facebook assigns identities to messages in the chat application: each message has its own “message_id,” and attackers could reveal that ID by using a Facebook API page.
Once the ID had been accessed, an attacker could alter the content of the message and send it to Facebook’s servers without the chatting parties knowing the interception had occurred.
Ramifications
The ramifications of a potential attack using the vulnerability could have included legal repercussions; a malicious actor could change the history of a conversation to claim he had reached a falsified agreement with the victim, or simply change its terms, with those chats being admitted as evidence in legal investigations.
Conversely, the ability to remove what has been said could also potentially allow an attacker to hide evidence of a crime or even incriminate an innocent person.
The last potential use would be as a malware distribution vehicle, where a malicious actor could change a legitimate link or file into a malicious one, then persuade a user to open it.
“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realizing. What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” Check Point’s Head of Products Vulnerability Research Oded Vanunu said in a blog post.
The good news is that, after being informed of the vulnerability, Facebook is said to have shut it down.
“Facebook was very responsive and took this seriously,” Vanunu told ThreatPost separately. “It’s important to understand that this infrastructure is serving hundreds of millions of users. Bringing a code change could be harmful. Facebook managed to close this vulnerability in two weeks.”
Image credit: Janitors/Flickr/CC by 2.0