Facebook Messenger Bug Allows Spying on Android Users

Facebook fixed a dangerous flaw in the Android version of Facebook Messenger which gave attackers the ability to spy on users and potentially identify their surroundings without them knowing.

In a normal scenario, audio from the person making the call would not be transmitted until the person on the other end accepts the call clicking the accept button. But the recently patched vulnerability of Facebook Messenger for Android stipulated that SdpUpdate message could cause audio call to connect before callee has answered the call.

Natalie Silvanovich, the security researcher at Google Project Zero who discovered this vulnerability, explained: 

“However, there is a message type that is not used for call set-up, SdpUpdate, that causes setLocalDescription to be called immediately,” she explained. “If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.”

Check the source.

Read More

• FBI: Business Email Compromise – a $43B Scam
  A new FBI report warns of a staggering spike in hacking activities using the Business Email Compromise technique (BEC), […]
• NVIDIA Confirms Employee Credentials And Proprietary Data Stolen During Cyberattack
  NVIDIA confirmed the Lapsus$ cyberattack and the data leak that followed, saying it first became aware of the security […]
• FoxBlade Trojan Hit Ukraine Right Before The 24 Feb Devastating Russian Invasion
  Microsoft discovered an attack using the FoxBlade malware that had compromised Ukrainian systems just hours before Russia’s massive and […]
• Anonymous Group Sides With Ukraine And Declares Cyberwar On Russia
  The hacker collective known as the Anonymous group announced its support to Ukraine. It defied Vladimir Putin by taking […]
• Phishing Attacks Against Those Who Help Ukrainian Refugees
  Cybercriminals used a compromised military email address to launch phishing attacks targeting EU personnel aiding Ukrainian citizens who had […]

Attribution:

Photo by Brett Jordan on Unsplash