Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Dominic Lipinski/PA Wire

Facebook Messenger flaw allowed hackers to secretly alter messages

Facebook has fixed the problem but said it was a “low risk issue”.

RESEARCHERS FOUND A SECURITY flaw which allowed users to alter conversations on Facebook’s Messenger app after they were sent.

Security company Check Point, which uncovered the flaw, said it could have been used to “modify or remove any sent message, photo, file, link, and much more” without the person on the other end realising.

The team said the potential damage of this flaw could allow someone to tamper, alter or hide important information and claimed it could be used to distribute malware by changing a normal link into a malicious one.

The attacker could also continue to update the link as a way of outsmarting the app’s security measures.

The vulnerability was disclosed to Facebook’s security team earlier this month and is now fixed.

However, Facebook posted an update on the bug saying it only affected the Android version of Messenger. It also said it was a “low risk issue” as it had the necessary spam and malware filters in place to prevent users from falling victim to ransomware.

Facebook Conference Facebook Messenger now has more than 900 million monthly active users. AP Photo / Eric Risberg AP Photo / Eric Risberg / Eric Risberg

“Because even new content was subject to our anti-malware and anti-spam filters, this bug did not introduce the ability to send malicious content that would have been blocked in the original message,” it said in a statement.

Based on our investigation, this simple misconfiguration in the Messenger app on Android turned out to be a low risk issue and it’s already been fixed.

Facebook has put a lot of work into making Messenger a standalone app. While it has more than 900 million users on it every month, not everyone was happy with the decision to push people from the main app to a standalone app.

Users were able to get around this by using the web app or using chat heads on Android, but Facebook is said to be disabling it and telling users their conversations will soon only be viewed from Messenger.

Read: Even Mark Zuckerberg’s online accounts aren’t safe from hackers >

Read: The title that made the Game Boy a massive hit is 32 years old >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Quinton O'Reilly
View 4 comments
Close
4 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds