Categories: CyberCrimeSecurity

InfoSec 2016: Facebook Messenger “Left Open To Hackers”

Facebook users came close to being exposed to a dangerous vulnerability in the site’s code that could have opened up its chat apps to criminals, security researchers have claimed.

Both Facebook Messenger and the site’s browser Facebook Chat service were affected by a flaw which could have allowed hackers to essentially take control of any message sent with only a basic level of knowledge of HTML coding.

In doing so, hackers could have been able to modify a message’s content, distribute malware and even insert automation techniques to outsmart security defences, according to security firm Check Point.

At risk

The company claims that all hackers would have needed to do to exploit the flaw would be to identify the unique ID for the sent message they want to target, which requires only very basic HTML knowledge and a browser debug tool, free on any browser.

And once this message ID is isolated and identified, an attacker would be able to hijack it, allowing for the potential altering of the content before sending it on to the Facebook servers without the original user being any the wiser.

Facebook recently revealed that 900 million people are now using Messenger worldwide, along with 50 million businesses.

Check Point says that it informed the Facebook Security team about the vulnerability earlier this month, with the site immediately responding to work with the company and patch the flaw two weeks later.

Facebook has confirmed that users are no longer at risk from this vulnerability, and do not need to make any changes to their accounts.

“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realising,” said Oded Vanunu, head of products vulnerability research at Check Point.

“What’s worse, the hacker could implement automation techniques to outsmart security measures, allowing them to launch long-term, insidious attacks. We applaud Facebook for such a rapid response, and for working with us to put security first for their users.”

Are you a Facebook expert? Take our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

2 days ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

2 days ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

2 days ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

3 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

3 days ago