Facebook Messenger for Android had a bug that allowed hackers to call users and listen to them before the call was answered. The bug earned $60,000 from Facebook's bug bounty program, which has been in place for the past decade. It was discovered by Natalie Silvanovich of Google's Project Zero bug research team. Silvanovich, who has researched other video applications, noted that so far four bugs have been fixed in Signal, Mocha, JioChat and Facebook Messenger.
The bug in the Facebook Messenger app for Android has now been fixed. According to Wired, the vulnerability was difficult to exploit because it required both the attacker and the target to be using Facebook for Android. It also required the victim to be logged into Messenger in a web browser or some other way. The caller and recipient also had to be Facebook friends. In addition, the attacker would need to use reverse engineering tools to manipulate their own Messenger application and force it to send a custom message.
“What you would see is that the attacker calls you and then the phone rings and they may listen until you answer or the call times out,” Dan Gurfinkel, Facebook’s chief of security engineering, said in a blog post. “We quickly fixed this problem before it was exploited.”
Facebook confirmed that the vulnerability had never been exploited because no logs contained evidence of the protocol messages that an attacker would have had to send. According to reports, Facebook adjusted its server-side infrastructure to fix the flaw immediately for all users rather than issuing a patch for the mobile app.
The Facebook Messenger bug was similar to the FaceTime bug discovered by a 14-year-old last year, which allowed hackers to call a victim and listen to their surroundings before the call was answered. Apple's Group FaceTime feature had a bug that enabled iPhone users who called their friends with it to listen to their conversations even if the call was not answered. Apple quickly followed up with a software fix for the bug. However, reports note that Messenger calls would be difficult to exploit due to the caveat that the caller and callee must be Facebook friends.
Earlier this year, Facebook introduced Messenger Rooms for up to 50 participants. However, Facebook noted on one of its support pages that Rooms is not end-to-end encrypted.
“Rooms is built on Messenger, so it uses the same technology to encrypt a video and audio conversation between people as it travels from their devices to our servers which we’ve only placed in a handful of countries that have strong rule of law. are end-to-end encrypted. While there are significant challenges in providing end-to-end encryption for video calls with large groups of people, we are actively working on this for Messenger and Rooms,” Facebook noted.
The vulnerability was similar to a bug discovered in FaceTime’s group calling feature last year. However, Facebook confirmed that the vulnerability was never exploited.
- Facebook fixed a bug in Messenger for Android that allowed hackers to call users and listen to them before the call was answered.
- The bug in Messenger earned $60,000 from Facebook’s bug bounty program, which has been in place for the past decade.
- The Facebook Messenger bug was similar to the FaceTime bug discovered by a 14-year-old boy last year. However, Facebook confirmed that it had not been exploited.