Facebook Messenger Bug – Hackers Spy On Users Call

Home/Mobile Security, Software Issues/Facebook Messenger Bug – Hackers Spy On Users Call

Facebook Messenger Bug – Hackers Spy On Users Call

Facebook fixed a major security bug in Facebook messenger for Android application, which let hackers listen before you pick up the call.

Facebook Messenger:

Messenger application, A free all-in-one communication app, complete with unlimited text, voice, video calling, and group video chat features.

However, A flaw was discovered and reported to Facebook – Natalie Silvanovich, researcher of Google’s Project Zero the bug-hunting team last month.

Impacted version: (and before) of Facebook Messenger for Android.

Spy Users Call:

The bug could have allowed callers to connect audio calls without the callee’s knowledge or approval.

The bug resided in the WebRTC protocol that the Messenger app is using to support audio and video calls.

More specifically, the problem resided in the Session Description Protocol (SDP), part of WebRTC. This protocol handles session data for WebRTC connections, and Silvanovich discovered that an SDP message could be abused to auto-approve WebRTC connections without user interaction.

Subscribe To Get Vulnerability Updates : TwitterLinkedIn

Audio and video calls via WebRTC typically does not transmit audio until the recipient has clicked the accept button, but if this “SdpUpdate” message is sent to the other end device while it is ringing, “it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings.”

According to a technical write-up by Silvanovich,

Source : Reported by natashenka

Bug Bounty Program:

A platform where individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

In a Twitter message, Silvanovich said

The awarded bounty will be donated to a charity

Above all, Silvanovich has unearthed a number of issues in WhatApp, iMessage, WeChat, Signal, and Reliance JioChat, some of which have found the “callee device to send audio without user interaction.”

Security Recommendations:

There are many ways to guard our account against attackers, below security steps might help to keep your account safe and secure.

  • Update your Messenger app
  • Enable App lock feature on Messenger
  • Block, hide, or mute people that you don’t want to hear from
  • Report bad activity
  • Control who can reach your Chat list
  • Report accounts that are pretending to be you or someone else

The social media giant is also exploring more ways to protect user privacy and safety when someone they don’t know sends a message.

By | 2020-11-20T21:24:03+05:30 November 20th, 2020|Mobile Security, Software Issues|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!