on the sly

Facebook Messenger flaw allowed hackers to secretly alter messages

Facebook has fixed the problem but said it was a “low risk issue”.

Researchers found a security flaw which allowed users to alter conversations on Facebook’s Messenger app after they were sent.

Security company Check Point, which uncovered the flaw, said it could have been used to “modify or remove any sent message, photo, file, link, and much more” without the person on the other end realising.

The team said the flaw could allow someone to tamper with, alter or hide important information, and claimed it could be used to distribute malware by changing a normal link into a malicious one.

The attacker could also continue to update the link as a way of outsmarting the app’s security measures.

The vulnerability was disclosed to Facebook’s security team earlier this month and is now fixed.

However, Facebook posted an update on the bug saying it only affected the Android version of Messenger. It also said it was a “low risk issue” as it had the necessary spam and malware filters in place to prevent users from falling victim to ransomware.

[Image: Facebook Messenger now has more than 900 million monthly active users. AP Photo / Eric Risberg]

“Because even new content was subject to our anti-malware and anti-spam filters, this bug did not introduce the ability to send malicious content that would have been blocked in the original message,” it said in a statement.

“Based on our investigation, this simple misconfiguration in the Messenger app on Android turned out to be a low risk issue and it’s already been fixed.”

Facebook has put a lot of work into making Messenger a standalone app. While it has more than 900 million users on it every month, not everyone was happy with the decision to push people from the main app to a standalone app.

Users were able to get around this by using the web app or using chat heads on Android, but Facebook is said to be disabling it and telling users their conversations will soon only be viewed from Messenger.
