» Tip Us Hey you, we are hiring! Join us if you are an author, developer or designer!

Facebook Messenger vulnerability exposes your chatting list to hackers

08 March 2019 3

Facebook continues its efforts to roll out privacy and better security across its platform though that doesn’t mean that app is free of vulnerabilities. Just recently, an independent researcher found a bug in Facebook Messenger that exposed information of whom you were communicating with. Sometime back, another bug surfaced that exposed Facebook user’s likes, interests and location history data to third party websites.


The most recent vulnerability raised allowed a hacker to let a Facebook Messenger user click on a ‘bad link’ that takes them to another web page. Upon clicking anywhere on that website, an unseen window opens up that lets the hacker know if the Facebook user was in conversation with any other user or not. The hacker basically exploits iframe properties to expose this private information of the Messenger user.

Facebook responded to the responsible disclosure made by the security researcher who found out this vulnerability sharing in a statement,

“The issue in his report stems from the way web browsers handle content embedded in webpages and is not specific to Facebook,” and also “We’ve made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from happening in other web applications, and we’ve updated the web version of Messenger to ensure this browser behavior isn’t triggered on our service.”

It's quite important to note that Internet and web technologies are always prone to vulnerabilities and these tech companies continue to fix the loop holes. Note that no other information like chats were exposed to this vulnerability. Security researcher Masas shared his concerns regarding this vulnerability stating,

“Browser-based side-channel attacks are still an overlooked subject, while big players like Facebook and Google are catching up, most of the industry is still unaware.”


3

comments

Facebook Messenger vulnerability exposes your chatting list to hackers
Write a comment...
Market

Apple acquires Intel's smartphone modem business for $1B to focus on 5G

Samsung

Samsung confirms 'fixed' Galaxy Fold launch for September

Google

Pixel 4 facial recognition tech under testing; leak suggests hands gestures too

Android

How to use FaceApp's old-age filter if the app is showing error