Facebook Messenger Vulnerability

Check Point earlier this month found a vulnerability in Facebook Messenger, in both the online and mobile applications. Facebook fixed the vulnerability after it was disclosed to them.

The vulnerability could allow a malicious person to change a conversation thread, possibly modifying or removing a message, photo, link, file and more. Check Point pointed out some potential damages this vulnerability could cause:

  • Malicious users can manipulate message history as part of fraud campaigns. A malicious actor can change the history of a conversation to claim he had reached a falsified agreement with the victim, or simply change its terms.
  • Hackers can tamper with, alter or hide important information in Facebook chat communications which can have legal repercussions. These chats can be admitted as evidence in legal investigations and this vulnerability opens the door for an attacker to hide evidence of a crime or even incriminate an innocent person.
  • The vulnerability can be used as a malware distribution vehicle. An attacker can change a legitimate link or file into a malicious one, and easily persuade the user to open it. The attacker can use this method later on to update the link to contain the latest C&C address, and keep the phishing scheme up to date.

Facebook acted promptly and has been commended for fixing the vulnerability.
