NEWS
NEWS
NEWS
Vulnerability in Facebook Messenger could have allowed attackers to manipulate chats
A vulnerability has been discovered in Facebook’s Messenger application that could allow attackers to manipulate a conservation in the app in secret, a security firm has discovered.
Researchers at Check Point Software Technologies Ltd. discovered the man-in-the-middle flaw in the app, saying that utilizing it makes it possible to modify or remove any sent message, photo, file, link, and much more, potentially allowing a malicious user to manipulate message history as part of a fraud campaign.
The vulnerability was due to the way Facebook assigns identities in messages in the chat application, specifically that each message has its own “message_id” and attackers could reveal that ID through using a Facebook API page.
Once the ID had been accessed an attacker could alter the content of the message and send it to Facebook’s servers without the chatting parties knowing the interception has occurred.
Ramifications
The ramifications of a potential attack using the vulnerability could have included legal repercussions; a malicious actor could change the history of a conversation to claim he had reached a falsified agreement with the victim, or simply change its terms, with those chats being admitted as evidence in legal investigations.
Conversely the ability to remove what has been said could also potentially allow an attacker to hide evidence of a crime or even incriminate an innocent person.
The last potential use would be a malware distribution vehicle, where a malicious actor could change a legitimate link or file into a malicious one, then persuade a user to open it.
“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realizing. What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” said Check Point’s Head of Products Vulnerability Research Oded Vanunu said in a blog post.
The good news is that after being informed of the vulnerability Facebook is said to have shut it down.
“Facebook was very responsive and took this seriously,” Vanunu told ThreatPost separately. “It’s important to understand that this infrastructure is serving hundreds of millions of users. Bringing a code change could be harmful. Facebook managed to close this vulnerability in two weeks.”
Image credit: Janitors/Flickr/CC by 2.0
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
