Facebook fixed a dangerous flaw in the Android version of Facebook Messenger which gave attackers the ability to spy on users and potentially identify their surroundings without them knowing.
In a normal scenario, audio from the person making the call would not be transmitted until the person on the other end accepts the call clicking the accept button. But the recently patched vulnerability of Facebook Messenger for Android stipulated that SdpUpdate message could cause audio call to connect before callee has answered the call.
Natalie Silvanovich, the security researcher at Google Project Zero who discovered this vulnerability, explained:
“However, there is a message type that is not used for call set-up, SdpUpdate, that causes setLocalDescription to be called immediately,” she explained. “If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.”
Check the source.
Read More
- H0lyGh0st Ransomware After Small and Midsize BusinessesMicrosoft has linked H0lyGh0st, a cyberthreat that emerged in June 2021 and targets small-to-midsized businesses, to North Korean state-sponsored […]
- Popular NFT Marketplace Ravaged by $540M Phishing SchemeIn March, a North Korean APT netted $540 million thanks to a massive phishing operation carried out on the […]
- Massive $59M Facebook Phishing Campaign Steals Nearly 400M CredentialsThreat actors have managed to net a staggering $59 million and steal hundreds of millions of credentials in a […]
- Human Error is a Top Security Risk in 2022, New Report ShowsA new report from Verizon warns about the human error as being one of the most frequent causes of […]
- Paying The Ransom – An Open Invitation For A Second Attack, 2022 Report WarnsWhether the unlucky victim of a ransomware attack ends up paying the ransom or not, they are still susceptible […]
Attribution:
Photo by Brett Jordan on Unsplash
