Security company Check Point identified a significant flaw in Facebook’s Messenger app that enables hackers to alter conversations after they have been sent.
Check Point security researcher Roman Zaikin discovered the vulnerability, which ultimately allows hackers to control the Facebook chat and change messages according to their needs. Hackers can also delete and replace text, links and files exchanged in the conversations.
Facebook Messenger conversations are accepted as legitimate evidence by courts in the US, Australia, and Europe. Hence, hackers could modify the chats to conceal evidence of a crime, or even misuse them to blame an honest person.
The Check Point security team said: “Each message in the Facebook chat applications, both online and mobile, has its own identifier ‘message_id’ parameter. An attacker can store this request, containing the identifier, via a proxy while he launches his malicious attempt.”
According to the Check Point research team, this type of hack could have a drastic impact on users, because Facebook plays an important role in everyday activities and loopholes of this kind can be costly.
The Check Point research team said:
“Malicious users can manipulate message history as part of fraud campaigns. A malicious actor can change the history of a conversation to claim he had reached a falsified agreement with the victim, or simply change its terms.”
“Hackers can tamper, alter or hide important information in Facebook chat communications which can have legal repercussions. These chats can be admitted as evidence in legal investigations and this vulnerability opened the door for an attacker to hide evidence of a crime or even incriminate an innocent person.”
“The vulnerability can be used as a malware distribution vehicle. An attacker can change a legitimate link or file into a malicious one, and easily persuade the user to open it. The attacker can use this method, later on, to update the link to contain the latest C&C address, and keep the phishing scheme up to date.”
Christopher Rodrigues, the general manager of Check Point, said that Facebook was alerted as soon as they discovered the vulnerability. Facebook confirmed that they fixed the vulnerability in a blog post, where they mentioned: “Sometimes, even simple configuration issues can show us how to make our products more secure.”
Facebook also mentioned: “We recently fixed a straight-forward bug in the way we identified and detected duplicate messages in the Messenger app on Android. Specifically, we assign a random ID to every message sent, which allows us to identify cases where the same message is sent multiple times.”
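The duplicate-detection issue described above can be modelled with a small added example, which is not Facebook's or Check Point's code. It assumes a hypothetical message store keyed by `message_id` (class and field names are invented for illustration) and contrasts treating a resend as an overwrite with treating it as a write-once record that accepts only identical retries.

```python
import hashlib
import secrets


class DuplicateTamperError(Exception):
    """A resend reused a known message_id with different content."""


def _digest(sender, body):
    return hashlib.sha256(f"{sender}\x00{body}".encode()).hexdigest()


class NaiveStore:
    """Weak pattern: message_id is a plain upsert key, so a resend overwrites."""
    def __init__(self):
        self.messages = {}

    def submit(self, message_id, sender, body):
        self.messages[message_id] = (sender, body)
        return "stored"


class HardenedStore:
    """Write-once per message_id; a resend is accepted only if identical."""
    def __init__(self):
        self.messages = {}
        self.alerts = []  # (message_id, sender) pairs for the detection team

    def submit(self, message_id, sender, body):
        existing = self.messages.get(message_id)
        if existing is None:
            self.messages[message_id] = (sender, body, _digest(sender, body))
            return "stored"
        if existing[2] == _digest(sender, body):
            return "duplicate-ignored"  # genuine network retry: idempotent no-op
        self.alerts.append((message_id, sender))  # same ID, different content
        raise DuplicateTamperError(message_id)


def demo():
    mid = secrets.token_hex(8)  # constructed random ID, as in the quoted fix
    original, altered = "Meet at 10:00, invoice attached", "Meet at 22:00, see new link"
    naive, hard = NaiveStore(), HardenedStore()
    naive.submit(mid, "alice", original)
    hard.submit(mid, "alice", original)
    naive.submit(mid, "alice", altered)          # history silently rewritten
    retry = hard.submit(mid, "alice", original)  # identical resend is harmless
    try:
        hard.submit(mid, "alice", altered)
        rejected = False
    except DuplicateTamperError:
        rejected = True
    return naive.messages[mid][1], hard.messages[mid][1], retry, rejected, len(hard.alerts)
```
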
For now, we suggest you update your Facebook Messenger app to the latest version.