TECHBYTE: A security firm Cynet found a critical vulnerability in Facebook Messenger that allow the attacker to read all your personal messages affecting the privacy of one billion Facebook users. Facebook has fixed this issue after reporting by security by security firm.
Did you ever imagine that just by a running a website in your browser your all Facebook messages can be read by attacker and you will never know about this , no matter whether you are using Facebook’s mobile app or web browser.
Because these flaws affected both the web chat as well mobile
application.
For example, if the user opens a website to which the hacker has
directed them (via a malicious ad, a security issue, or the hacker’s own
website), the hacker can then see all the Facebook Messenger chats,
photos and other attachments which the user sends or receives. This
happens even if the user sends the messages by way of another computer,
or from their personal mobile device!
Earlier this week , Ysrael Gurt, the security researcher at BugSec and Cynet , reported a cross-origin bypass attack against Facebook Messenger that allows hackers to access your chat, photos and attachments as well. With the help of messenger Facebook manage the to replace the conventional text messages. Now around one billion active users trust Facebook for their conversations.
The hack, dubbed “Originull,” enables an attacker to access and view all
of a user’s private chats, photos and other attachments sent via
Facebook Messenger. Dubbed “Originull,” potentially affects millions of website that use
origin null restriction checks and exposes the website visitors to
malicious elements.
“This security flaw meant that the messages of 1-billion active monthly Messenger users were vulnerable to attackers,” said Stas Volfus, Chief Technology Officer of BugSec.
“This was an extremely serious issue, not only due to the high number of affected users, but also because even if the victim sent their messages using another computer or mobile, they were still completely vulnerable.”
Usually, the web browser protects us from such hacks by only allowing
Facebook pages to fetch the information. But, due to this bug,
Facebook opens a bridge that allows the sub-sites of the social network
to access the information.
The main issue was misconfigured cross-origin header implementation on
Facebook’s chat server domain, which is allowing the attackers to bypass
the origin checks and access the Facebook chats from a malicious
website.
This video demonstration shows how the hack is happen --
See also :WHAT IS "MIRAI BOTNET" ? WHY SOMEONE IS TRYING TO SHUT DOWN THE INTERNET OF AN ENTIRE COUNTRY USING IT
0 comments:
Post a Comment