Vulnerability in Facebook Messenger worked in both the app and the browser

Jun 8, 2016

Facebook Messenger had a vulnerability that could be exploited with basic knowledge of HTML. The vulnerability was present both in the app version and in the online chat function within the Facebook website. The problem has now been resolved.

Through the vulnerability, a user could retroactively edit a message, for example by modifying or deleting photos, links, files, and of course the message text itself. After security company Check Point reported the flaw, Facebook closed it immediately. According to Check Point, the greatest danger lies in the manipulation of messages as part of fraud campaigns and in the use of the chat as a distribution platform for ransomware. A ransomware campaign often soon stops being distributed by e-mail, because the content of the message becomes known and it then no longer spreads. If someone can still place those links afterwards in a place that is not monitored, that prolongs the duration of ransomware campaigns.

To exploit this vulnerability, the attacker had to retrieve the message identifier, the message_id parameter. An attacker could do this by sending a request to www.facebook.com/ajax/mercury/thread_info.php. The attacker could then modify the message that had been sent, without a push message going to the other user.

To tamper with a chat, a hacker had to be able to log in to an account that had taken part in that chat in the past. That could be someone who presents themselves as a friend and builds ties with many people but actually has malicious intentions, or someone who has managed to hijack another person's account and then manipulates chats.
