Facebook fixed a dangerous flaw in the Android version of Facebook Messenger which gave attackers the ability to spy on users and potentially identify their surroundings without them knowing.
In a normal scenario, audio from the person making the call would not be transmitted until the person on the other end accepts the call clicking the accept button. But the recently patched vulnerability of Facebook Messenger for Android stipulated that SdpUpdate message could cause audio call to connect before callee has answered the call.
Natalie Silvanovich, the security researcher at Google Project Zero who discovered this vulnerability, explained:
“However, there is a message type that is not used for call set-up, SdpUpdate, that causes setLocalDescription to be called immediately,” she explained. “If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.”
Check the source.
- Cyber-espionage campaign opens backdoor to steal documents from infected PCsResearchers at security company ESET uncover Crutch, a new malware backdoor. The newly detailed Crutch campaign appears tailored towards particular […]
- Crooks posing as COVID-19 ‘cold chain’ company phished EU for vaccine intel, says IBMAn unidentified group of malicious sorts impersonated a so-called “cold chain” company involved in COVID-19 vaccine distribution networks then […]
- Major Business Email Compromise Phishing Ring BustedAuthorities found over 50,000 targeted victims of a massive, global scam enterprise that used over 26 different types of […]
- TurkeyBombing Puts New Twist on Zoom AbuseHackers stole nearly 4,000 credentials before Thanksgiving was even over. While millions of people were forced to spend the […]
- This Bluetooth Attack Can Steal a Tesla Model X in MinutesThe company is rolling out a patch for the vulnerabilities, which allowed one researcher to break into a car […]