Facebook has fixed a major security bug in the Facebook Messenger application for Android that let hackers listen in before you pick up the call.
Messenger is a free all-in-one communication app, complete with unlimited text, voice, video calling, and group video chat features.
However, a flaw was discovered and reported to Facebook last month by Natalie Silvanovich, a researcher on Google’s Project Zero bug-hunting team.
Impacted version: 2184.108.40.206.119 (and before) of Facebook Messenger for Android.
Spying on User Calls:
The bug could have allowed callers to connect audio calls without the callee’s knowledge or approval.
The bug resided in the WebRTC protocol that the Messenger app uses to support audio and video calls.
More specifically, the problem resided in the Session Description Protocol (SDP), part of WebRTC. This protocol handles session data for WebRTC connections, and Silvanovich discovered that an SDP message could be abused to auto-approve WebRTC connections without user interaction.
Audio and video calls via WebRTC typically do not transmit audio until the recipient has clicked the accept button, but if this “SdpUpdate” message is sent to the other end device while it is ringing, “it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.”
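The state check this class of bug calls for, shown as an added example that is not Messenger's code or part of Silvanovich's write-up: a simplified callee model in which an "SdpUpdate" arriving while the device rings is either applied (flawed) or refused (guarded). Every class, function and message name other than "SdpUpdate" is hypothetical.

```javascript
// Simplified callee-side call model (constructed for illustration, not Messenger code).
// Only the "SdpUpdate" name comes from the article; everything else is hypothetical.
const State = Object.freeze({ IDLE: "idle", RINGING: "ringing", CONNECTED: "connected" });

class CalleeSession {
  constructor(hardened) {
    this.hardened = hardened;   // true = apply the state check before SDP changes
    this.state = State.IDLE;
    this.sendingAudio = false;  // stands in for an enabled microphone track
    this.dropped = [];          // signalling messages refused by the guard
  }

  // The accept button: the only event that should ever start outgoing audio.
  accept() {
    if (this.state !== State.RINGING) return;
    this.state = State.CONNECTED;
    this.sendingAudio = true;
  }

  // Handle one signalling message from the remote peer.
  onSignal(msg) {
    if (msg.type === "Offer" && this.state === State.IDLE) {
      this.state = State.RINGING;
    } else if (msg.type === "SdpUpdate") {
      // Guard: a session update is only meaningful once the call is connected.
      if (this.hardened && this.state !== State.CONNECTED) {
        this.dropped.push({ type: msg.type, state: this.state });
        return;
      }
      // Flawed path: the update is applied in any state, and applying it
      // turns the audio track on even though the user never accepted.
      if (this.state !== State.IDLE) this.sendingAudio = true;
    } else {
      this.dropped.push({ type: msg.type, state: this.state });
    }
  }
}

// Replay a signalling sequence and report whether audio left the device
// before the user accepted the call.
function audioBeforeAccept(hardened, messages) {
  const session = new CalleeSession(hardened);
  for (const msg of messages) session.onSignal(msg);
  return { leaked: session.sendingAudio, dropped: session.dropped.length };
}

// Constructed sequence: the device is ringing and the user has not answered.
const ringingThenUpdate = [{ type: "Offer" }, { type: "SdpUpdate" }];
console.log("unguarded:", audioBeforeAccept(false, ringingThenUpdate));
console.log("guarded:  ", audioBeforeAccept(true, ringingThenUpdate));
```

The `dropped` entries record the call state at the time of refusal, which is the detail a client-side log would need to flag signalling that arrives out of order.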
According to a technical write-up by Silvanovich,
Bug Bounty Program:
A bug bounty program is a platform where individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
In a Twitter message, Silvanovich said
Silvanovich has also unearthed a number of issues in WhatsApp, iMessage, WeChat, Signal, and Reliance JioChat, some of which were found to cause the “callee device to send audio without user interaction.”
There are many ways to guard your account against attackers. The security steps below might help to keep your account safe and secure.
- Update your Messenger app
- Enable the App Lock feature on Messenger
- Block, hide, or mute people that you don’t want to hear from
- Report bad activity
- Control who can reach your Chat list
- Report accounts that are pretending to be you or someone else
The social media giant is also exploring more ways to protect user privacy and safety when someone they don’t know sends a message.