Facebook fixed a dangerous flaw in the Android version of Facebook Messenger which gave attackers the ability to spy on users and potentially identify their surroundings without them knowing.
In a normal scenario, audio from the person making the call would not be transmitted until the person on the other end accepts the call clicking the accept button. But the recently patched vulnerability of Facebook Messenger for Android stipulated that SdpUpdate message could cause audio call to connect before callee has answered the call.
Natalie Silvanovich, the security researcher at Google Project Zero who discovered this vulnerability, explained:
“However, there is a message type that is not used for call set-up, SdpUpdate, that causes setLocalDescription to be called immediately,” she explained. “If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.”
Check the source.
Read More
- This Disney Plus Scam Is After Your Bank InfoA newly discovered Disney Plus scam is phishing for your banking information, using an e-mail with a very eye-catching […]
- ChatGPT Might Boost Phishing Scams In 2023, Experts WarnWhile AI’s immensely popular ChatGPT is a very useful tool for writers and creators worldwide, it might also help […]
- Devastating Ransomware Attack: Oakland Declares State of EmergencyIn the wake of a massive ransomware attack that left the city with no choice but to shut its […]
- H0lyGh0st Ransomware After Small and Midsize BusinessesMicrosoft has linked H0lyGh0st, a cyberthreat that emerged in June 2021 and targets small-to-midsized businesses, to North Korean state-sponsored […]
- Popular NFT Marketplace Ravaged by $540M Phishing SchemeIn March, a North Korean APT netted $540 million thanks to a massive phishing operation carried out on the […]
Attribution:
Photo by Brett Jordan on Unsplash