EASY TECH BYTE is a blog for latest tech news, gadgets and EasyTechByte gives you awesome tricks to help your digital life.

Thursday, 15 December 2016

"ORIGINULL" - A SIMPLE BUG THAT ALLOWS HACKERS TO READ ALL OF YOUR FACEBOOK MESSENGER CHATS





TECHBYTE: Security firm Cynet found a critical vulnerability in Facebook Messenger that allowed an attacker to read all of your personal messages, affecting the privacy of one billion Facebook users. Facebook fixed the issue after the security firm reported it.


Did you ever imagine that just by opening a website in your browser, all of your Facebook messages could be read by an attacker without you ever knowing about it? It made no difference whether you were using Facebook’s mobile app or a web browser, because the flaw affected both the web chat and the mobile application.

For example, if the user opens a website to which the hacker has directed them (via a malicious ad, a security issue, or the hacker’s own website), the hacker can then see all the Facebook Messenger chats, photos and other attachments which the user sends or receives. This happens even if the user sends the messages by way of another computer, or from their personal mobile device!


Earlier this week, Ysrael Gurt, a security researcher at BugSec and Cynet, reported a cross-origin bypass attack against Facebook Messenger that allows hackers to access your chats, photos and attachments. With Messenger, Facebook has managed to replace conventional text messages, and around one billion active users now trust Facebook with their conversations.






The hack, dubbed “Originull,” enables an attacker to access and view all of a user’s private chats, photos and other attachments sent via Facebook Messenger. It potentially affects millions of websites that use origin null restriction checks, and exposes their visitors to malicious elements.


“This security flaw meant that the messages of 1-billion active monthly Messenger users were vulnerable to attackers,” said Stas Volfus, Chief Technology Officer of BugSec.
“This was an extremely serious issue, not only due to the high number of affected users, but also because even if the victim sent their messages using another computer or mobile, they were still completely vulnerable.”


Usually, the web browser protects us from such hacks by only allowing Facebook pages to fetch the information. But, due to this bug, Facebook opens a bridge that allows the sub-sites of the social network to access the information.

The main issue was a misconfigured cross-origin header implementation on Facebook’s chat server domain, which allowed attackers to bypass the origin checks and access Facebook chats from a malicious website.
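To illustrate the class of misconfiguration described above, the following added example (not Facebook's code and not part of the original post) compares an origin check that accepts `Origin: null` with one that matches an exact allowlist. The hostnames, function names and sample origins are assumptions made for illustration.

```javascript
// Hypothetical allowlist for a chat API; the hostnames are placeholders.
const TRUSTED_ORIGINS = new Set([
  "https://www.example.com",
  "https://chat.example.com",
]);

// Misconfigured policy: "null" is treated as a harmless non-origin and echoed
// back with credentials allowed. Browsers send "Origin: null" for any opaque
// origin (sandboxed documents, local files), so it identifies no site at all.
function corsHeadersWeak(origin) {
  if (origin === "null" || TRUSTED_ORIGINS.has(origin)) {
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Corrected policy: exact match against the allowlist only; "null", missing
// and look-alike origins get no CORS headers, so the browser blocks the read.
function corsHeadersStrict(origin) {
  const headers = { Vary: "Origin" }; // keep caches from mixing responses
  if (typeof origin === "string" && TRUSTED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Audit helper: list the origins to which a policy grants credentialed reads.
function grantedOrigins(policy, origins) {
  return origins.filter((o) => {
    const h = policy(o);
    return h["Access-Control-Allow-Origin"] === o &&
      h["Access-Control-Allow-Credentials"] === "true";
  });
}

// Constructed test inputs, not captured traffic.
const SAMPLE_ORIGINS = [
  "https://www.example.com",
  "null",
  "https://www.example.com.other.test",
  "http://www.example.com",
];

console.log("weak:  ", grantedOrigins(corsHeadersWeak, SAMPLE_ORIGINS));
console.log("strict:", grantedOrigins(corsHeadersStrict, SAMPLE_ORIGINS));
```

Running `grantedOrigins` against a service's real origin-handling function with inputs like these makes a regression test that fails as soon as `null` or a look-alike origin is granted credentialed access.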

This video demonstration shows how the hack happens:




