Vulnerability exposed in Facebook Messenger app

A security flaw has been uncovered in Facebook's Messenger app for smartphones, which allows malicious users to alter the content of a message after it has been sent. 

The vulnerability was discovered by online security company Check Point Software Technologies – and it is thought to affect the online desktop version of the browser software, as well as the smartphone version. 

Check Point reported the issue to Facebook and then cooperated with the social network's security team to fix it immediately. 

Prior to that, it would have been possible for a conversation to be changed in Facebook Online Chat & Messenger App, with sent messages, photos, files, links and more all prone to modification. 

Several potential attacks to expose this flaw were outlined – and these schemes could have had a significant impact on users due to the vital role Facebook plays in many people's day-to-day lives. 

For instance, message history could be manipulated as part of a fraud campaign, with the attacker able to claim they had reached a falsified agreement with their victim. 

Hackers could tamper with Facebook chat communications to bring about legal repercussions or to incriminate an innocent person. This was a cause for concern as chats can be permitted as evidence in legal investigations. 

Finally, the chat system could have been turned into a vehicle for malware distribution by turning a legitimate link into a malicious one. 

“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realising. What's worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” said Oded Vanunu, head of products vulnerability research at Check Point. 

“We applaud Facebook for such a rapid response and putting security first for their users.”

Written by Mazuma

Mazuma Mobile is Australia's most trusted mobile phone recycling service.

Leave a Reply

Your email address will not be published. Required fields are marked *