Security News Facebook Flaw Allows Attackers to Alter Chats and Conversations

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
A vulnerability found in Facebook Messenger would allow an attacker to change a conversation thread in both the Facebook Online Chat & Messenger App.

By abusing the vulnerability, it’s possible to essentially hijack the communications, modifying or removing any sent message, photo, file, link and much more. Check Point, which discoveredthe flaw, pointed out that given the fact that users rely on Facebook for personal and business-related communications, this kind of malicious power could have long-ranging consequences.

For instance, malicious users can manipulate message history as part of fraud campaigns, changing the history of a conversation to claim he had reached a falsified agreement with the victim, or simply change its terms. Hackers could also tamper with, alter or hide important information in Facebook chat communications which can have legal repercussions. These chats can be admitted as evidence in legal investigations and this vulnerability opens the door for an attacker to hide evidence of a crime or even incriminate an innocent person.

Or, the vulnerability can be used as a malware distribution vehicle. An attacker can change a legitimate link or file into a malicious one, and easily persuade the user to open it. The attacker can use this method later on to update the link to contain the latest C&C address, and keep the phishing scheme up to date.

“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realizing. What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” said Oded Vanunu, head of products vulnerability research at Check Point.

Full Article. Facebook Flaw Allows Attackers to Alter Chats and Conversations
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top