Messenger platform can monitor users
Messenger platform can monitor users

Facebook has fixed a security flaw in the Messenger for Android platform app that allows attackers to monitor users without their knowledge.

According to the official page of the app in the Google Play Store, the basic messenger app for Android is installed on more than one billion Android devices.

The vulnerability was discovered by Natalie Silvanovi, a security researcher with the Google Zero Project security team.

The researchers said: The vulnerability lies in the application of the WebRTC protocol used by Messenger applications for voice and video calls.

The problem is with SDP which is part of the WebRTC protocol, and the SDP protocol handles WebRTC connection session data.

Silvanovic discovered that automatic approval SDP messages for WebRTC connections can be misused without user intervention.

According to Silvanovic's bug report, it would take a few seconds to exploit this vulnerability, but the attacker must have permission, that is, among the user's Facebook friends, to contact each other. The end.

Researchers reported the issue to Facebook last month, and the social media giant addressed the issue with a server-side update for Messenger.

"Facebook gave him a $ 60,000 reward for reporting the problem," Silvanovic said in a message on Twitter.

Google researchers decided to donate the rewards to GiveWell, a non-profit organization that coordinates charitable activities.

Facebook also donated $ 60,000 to Jeff Weil. He said: The Silvanovich Prize is one of three $ 60,000 awards we have ever received, which reflects its biggest potential impact.

Over the past few years, Silvanovi has detected and reported similar issues with other instant messaging apps, which is one of his areas of expertise.

In October 2018, he discovered a vulnerability in the WhatsApp app for Android and iOS that could allow attackers to take control of the app after a user responded to a video call.

In July 2019, researchers found four non-reactive errors in the iMessage app and a fifth error in iMessage in the same month that could have been used to damage the iPhone.



Save 80.0% on select products from RUWQ with promo code 80YVSNZJ, through 10/29 while supplies last.

HP 2023 15'' HD IPS Laptop, Windows 11, Intel Pentium 4-Core Processor Up to 2.70GHz, 8GB RAM, 128GB SSD, HDMI, Super-Fast 6th Gen WiFi, Dale Red (Renewed)
Previous Post Next Post