Waking Up To Facebook Messages You Did Not Send!

Hello all,

Most of us are on Facebook, and it’s comforting to know that the company responds to vulnerabilities very fast.

The Check Point security team discovered a vulnerability in Facebook's online chat and Messenger app. It allows a malicious user to change a conversation thread and modify or remove any sent message, photo, file or link.

The Facebook security team responded immediately when the vulnerability was disclosed.

This type of vulnerability can cause a lot of damage and have a severe impact, especially because people use social media like Facebook for their daily activities. Many people use Facebook for both personal and business activities, which makes this type of vulnerability very attractive to hackers.

Hackers and malicious users can manipulate message history as part of their campaigns. They could make it look as though a victim had entered into an agreement that never existed, or change the terms of a real one.

Hackers can also tamper with information that has legal repercussions, as Facebook chats can be admitted as evidence in legal investigations.

The vulnerability can also be used to distribute malware. For instance, a legitimate link can be changed into a malicious one, which a user might inadvertently open. The attacker can later use the same method to update the link so that it contains the latest C&C address, keeping the phishing scheme up to date.

Oded Vanunu, Head of Products Vulnerability Research at Check Point, said, “By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realizing. What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations… We applaud Facebook for such a rapid response and putting security first for their users.”

Check out the full technical analysis of the vulnerability at: http://blog.checkpoint.com/2016/06/07/facebook-maliciouschat/


Source: Akati
