Recently a very severe security flaw was detected by the security firm, Check Point’s security researcher Roman Zaikan which affected all the versions of the service for both desktop and mobile devices. It allowed to modify or remove any message, photo, file, link etc.
Now Hackers Can Hack Facebook Messenger App To Read Or Alter Messages
Until about a few months ago there was a serious vulnerability in Facebook Messenger, through which it was possible to infiltrate the conversations and change all the content without any user interaction.
The problem was discovered by the security firm, Check Point Software Technologies Ltd. which is an international provider of software and combined hardware and software products for IT security, including network security, endpoint security, data security and security management.
The vulnerability was actually found by the security firm Check Point’s security researcher Roman Zaikan. The security researcher Roman Zaikan said that “the backdoor allows a potential hacker to launch a man-in-the-middle (MiTM) attack into Facebook Messenger and spy/read messages without either the sender or the reader knowing it. Hence, the hacker could also alter the messages for their own malicious gain”.
The security flaw which was detected by the security firm, Check Point, affected all the versions of the service for both desktop and mobile devices. It allowed to modify or remove any message, photo, file, link etc.
“By exploiting this vulnerability, cyber criminals could change a whole chat thread without the victim realizing. What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point. The Head of Products Vulnerability Research at Check Point, Oded Vanunu also added that “We applaud Facebook for such a rapid response and putting security first for their users”.
For this, it was enough to find the handle parameter of each application conversation called “message_id”. With this in hand, the hacker could easily retain every request and replace them for what they actually wanted. Because the messages had been sent, Facebook does not send notifications, which would make it easier to deceive the targets or victims.
In addition to infecting users, the gap also brought the possibility of creating legal problems, since the Messenger of history can be used as evidence in court. For example, a hacker could easily change the talks to induce the authorities to believe that a person in breach proceedings held talks with the lover or even more serious things like turning an ordinary subject in pedophile.
However, the social media giant Facebook said that “if someone altered the content of a message, using the flaw in the Android app, the correct version of the conversation still existed in other platforms and could be used as evidence of the unaltered conversation”. After discovering the bug, the security firm Check Point has informed the social media giant Facebook about the bug, who promptly fixed the problem.
So, it is strongly recommended, if you are a Facebook Messenger user then you should update your app as soon as possible with the latest version available on Google Play Store and Apple iTunes Store.
