The noticeable vulnerability allowed hacker to change a conversation thread
without the user's knowledge and spread potential malware.
The bug was discovered by experts at security firm Check Point and Facebook
was quickly alerted before patching up the problem.
Check
Point said the flaw enabled hackers to change the content of messages in
Facebook Online Chat and on the Messenger app before sending it off to the
social network's servers.
Malicious users could have been taken advantage of the bug to spread
sophisticated fraud campaigns by changing the conversation to claim they had
reached a falsified agreement with the victim, the experts said.
Oded Vanunu, head of products vulnerability research at Check Point said:
“By exploiting this vulnerability, cyber criminals could change a whole chat
thread without the victim realizing.
"What’s worse, the hacker could implement automation techniques to
continually outsmart security measures for long-term chat alterations."
He added: “We applaud Facebook for such a rapid response and putting
security first for their users.”
However Facebook say the issue was not as bad as it may have seemed and only
affected Android users.
A Facebook spokesman, writing in a blog
post earlier today, said: "Based on our investigation, this simple
misconfiguration in the Messenger app on Android turned out to be a low risk
issue and it's already been fixed."
Mark Zuckerberg's company denied viruses could have been sent and added that
they appreciated the researchers reporting the hole.
No comments:
Post a Comment