Facebook Messenger bug allowed Android users to spy on each other

Facebook has fixed a critical flaw in its Facebook Messenger messaging app for Android that allowed callers to listen in on other users' surroundings without , before the called party accepts the call !!.

Facebook Messenger for Android has been installed on more than 1 billion Android devices, according to official Play Store page of the application.

Attackers could have exploited this flaw by sending a special type of message known as SdpUpdate, which would cause the of the call to the called party's device before it is answered.

Such as explains Natalie Silvanovich, a researcher at Google's Project Zero program “If this message is sent to the called user's device, it will cause the transmission to begin immediately while she is still ringing, which could allow an attacker to monitor the caller's environment."

Normally, the recipient of the call does not transmit audio until it agrees to accept the call, which is implemented when it clicks the accept button. Now if all this time someone was calling you a little more persistently than normal, you should probably suspect it. Especially if it was your other half.

Silvanovich found the issue in version 284.0.0.16.119 of Facebook Messenger for Android last month. To exploit this issue, an attacker would need to already have the rights to invite this particular person by bypassing certain eligibility checks (eg, being Facebook friends). It should also know how to use reverse-engineered its own Messenger app to force it to send a custom message.

The Facebook awarded to Silvanovich a $ 60.000 donation to find and reveal this Messenger bug for Android.

This year alone, Facebook reports that more than 1,98 dollars were given to researchers by more than 50 which reported over 1.000 vulnerabilities.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).