
Facebook Messenger Bug Allows Spying on Android Users

Facebook has recently patched a critical flaw in Facebook Messenger for Android that could allow an attacker to spy on users without their knowledge.

Natalie Silvanovich, a security researcher at Google Project Zero, reported the flaw, which existed in the app's implementation of WebRTC, a protocol that is used to make audio and video calls by exchanging a series of thrift messages between the callee and caller.

Normally, when one person calls another, audio would not be transmitted until the receiver accepts the call. This is implemented either by not calling setLocalDescription until the other person receives the call, or by setting the audio and video media descriptions in the local SDP to inactive and updating them when the user clicks the button, Silvanovich explained.

However, there is a message type that is not used for call set-up, SdpUpdate, that causes setLocalDescription to be called immediately. If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.

Silvanovich explains
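The gating described above can be modelled as a small callee-side state machine, with the flawed handler next to one that checks for user consent. This is an added example, not code from Messenger or from the report; only `SdpUpdate` and `setLocalDescription` come from the article, while the classes, states, the `Offer` message and the SDP strings are assumptions constructed for illustration.

```javascript
// Model only: "SdpUpdate" and setLocalDescription are named in the article;
// FakePeer, Callee, "Offer", the states and the SDP strings are hypothetical.
class FakePeer {                        // stand-in for a WebRTC peer connection
  constructor() { this.sendingAudio = false; }
  setLocalDescription(sdp) {
    // Audio flows only if the applied local SDP marks the media as sending.
    this.sendingAudio = /^a=(sendrecv|sendonly)$/m.test(sdp);
  }
}

const ACTIVE_SDP = "m=audio 9 UDP/TLS/RTP/SAVPF 111\na=sendrecv";   // constructed
const INACTIVE_SDP = "m=audio 9 UDP/TLS/RTP/SAVPF 111\na=inactive"; // constructed

class Callee {
  constructor(hardened) {
    this.hardened = hardened;
    this.state = "IDLE";                // IDLE -> RINGING -> ACCEPTED
    this.peer = new FakePeer();
    this.rejected = [];                 // messages dropped by the consent check
  }
  onMessage(msg) {
    if (msg.type === "Offer") {         // incoming call: ring with media inactive
      this.state = "RINGING";
      this.peer.setLocalDescription(INACTIVE_SDP);
    } else if (msg.type === "SdpUpdate") {
      // Hardened handler: a mid-call update is valid only after the user accepted.
      if (this.hardened && this.state !== "ACCEPTED") {
        this.rejected.push(msg.type);
        return;
      }
      // Flawed path: local description applied regardless of call state.
      this.peer.setLocalDescription(ACTIVE_SDP);
    }
  }
  userAccepts() {                       // the only consent-based path to active media
    if (this.state !== "RINGING") return;
    this.state = "ACCEPTED";
    this.peer.setLocalDescription(ACTIVE_SDP);
  }
}

// Replay the same constructed sequence (ring, then SdpUpdate) on either handler.
function audioWhileRinging(hardened) {
  const callee = new Callee(hardened);
  callee.onMessage({ type: "Offer" });
  callee.onMessage({ type: "SdpUpdate" });
  return { state: callee.state, sendingAudio: callee.peer.sendingAudio,
           rejected: callee.rejected.length };
}
```

A dropped `SdpUpdate` that arrives while the call is still ringing is also worth logging, since in this model it never occurs in a normal call flow.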

In the report, the researcher demonstrates a step-by-step procedure to reproduce the flaw. Successfully exploiting this Facebook Messenger bug would take only a few minutes, but it also requires the attacker to be a Facebook friend of the person being called in order to place the call.

Silvanovich reported the vulnerability to Facebook on Oct 6, and Facebook has now fixed it. The tech giant also highlighted the Facebook Messenger bug in its 10th bug bounty program, which rewarded her with a $60,000 bounty.

After fixing the reported bug server-side, our security researchers applied additional protections against this issue across our apps that use the same protocol for 1:1 calling

Satender Kumar (https://geekosapiens.com)