Private messages that your send through your Facebook Messenger can be read by potential hackers using a hacking backdoor in the app. This backdoor vulnerability was found by the security researchers from Check Point, who will demo it at the Infosecurity Conference to be held today afternoon.
The security hole if unpatched could put 900 million people who use Facebook Messenger, at risk. The vulnerability was found by Check Point security researcher Roman Zaikan. Zaikan said that the backdoor allows a potential hacker to launch a man-in-the-middle (MiTM) attack into Facebook Messenger and spy/read messages without either the sender or the reader knowing it. The hacker could also alter the messages for their own malicious gain.
Check Point’s report on the security flaw warns it “could have a severe impact on users due to Facebook’s vital role in everyday activities worldwide.”
Facebook Messenger conversations are held as legal and binding evidence by courts in United States, Australia and Europe, therefore such hack could be used to alter judgment in key cases. The Check Point corroborated the above point by saying that malicious hacker could alter a conversation to claim he had reached a falsified agreement with a victim of the attack.
“This vulnerability opened the door for an attacker to hide evidence of a crime or even incriminate an innocent person,” it says.
Another potential risk is that a hacker could pose as a friend to infect someone’s computer with ransomware and other malicious payload and then extort the user for unlocking it.
Check Point Australian general manager Christopher Rodrigues said the cyber security firm alerted Facebook as soon as it detected the security hole and Facebook has patched the vulnerability. However Check Point couldnt confirm how long the Facebook Messenger carried this vulnerability nor it could find the vulnerability exploited in the wild. Neither did Check Point divulge if the vulnerability affected Facebook Messenger Android App or iOS App or both.
“We cannot confirm how many people have been affected by this,” he said.
Rodrigues added that there would be likely ramifications in the legal world in cases where Messenger communications were involved.
“Has that evidence been tampered with it or not? Does that particular individual, or the people in that case, do they know if they’ve been tampered or not? That is something which obviously they need to investigate
“If they think as an individual or a user they think that doesn’t look right or I don’t remember saying that, then they have to take steps. What this means is it means a lot of grief. For sure there will be something that could affect on the legal trait.
“It’s like having an invisible person in your house and you’re not knowing it. They could unlock the doors so when you’re not here somebody else could come in.”
Facebook has confirmed Check Points findings and accepted that there was indeed a vulnerability in Facebook Messenger. Facebook released a statement in a blog post saying it was the result of a “misconfiguration with the Messenger app on Android”.
Facebook said the “bug” allowed someone to change the content of their message but not somebody else’s message.
Facebook said even if someone altered the content of a message, using the flaw in the Android app, the correct version of the conversation still existed in other platforms and could be used as evidence of the unaltered conversation.
If you are a Facebook Messenger, it is recommended that your update your app with the latest version available on Google Play and Apple iTunes Store.
