Researcher Finds a Way to Delete and Modify Facebook Messages Sent to Other Users
Researchers have shown how you can modify or alter your messages after you have pressed the SEND button in Facebook Messenger.
According to researcher Roman Zaikin of cyber security firm Check Point, a simple HTML tweak can be used to exploit Facebook's online chat as well as its Messenger app, potentially allowing anyone to modify or delete any of their sent messages, photos, files, and links.
Here’s How the Exploit Works:
The exploit relies on the way Facebook assigns identities to chat messages. Each chat message has a unique “message_id” identifier that could be revealed by sending a request to www.facebook.com/ajax/mercury/thread_info.php.
Once message_id is identified, an attacker could alter its respective message content and send it back to Facebook servers which accept the new content as legitimate and push it back to the victim’s PC or mobile device.
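The behaviour described above comes down to a server accepting a second write for an existing message_id. The following is an added example, not code from Facebook or Check Point: a toy in-memory store shown in a vulnerable and a write-once form. The class names, the exception and the sample message_id are hypothetical, and it assumes a message_id should be accepted only once.

```python
# Added illustration: toy message store, not Facebook's code.
from dataclasses import dataclass, field


class DuplicateMessageId(Exception):
    """Raised when a client re-submits an existing message_id."""


@dataclass
class VulnerableStore:
    messages: dict = field(default_factory=dict)

    def submit(self, sender, message_id, body):
        # Flaw as described: a known message_id is accepted again and the
        # stored content is silently replaced, then re-delivered.
        self.messages[message_id] = (sender, body)
        return body


@dataclass
class HardenedStore:
    messages: dict = field(default_factory=dict)
    rejected: list = field(default_factory=list)  # audit trail for detection

    def submit(self, sender, message_id, body):
        if message_id in self.messages:
            # Write-once: log and refuse any second write to the same id.
            self.rejected.append((sender, message_id))
            raise DuplicateMessageId(message_id)
        self.messages[message_id] = (sender, body)
        return body


def demo():
    """Return (vulnerable_final_body, hardened_final_body, rejected_count)."""
    mid = "mid.constructed-0001"  # constructed sample id
    weak, strong = VulnerableStore(), HardenedStore()
    for store in (weak, strong):
        store.submit("alice", mid, "I agree to pay $100")
    weak.submit("alice", mid, "I agree to pay $1")  # content replaced
    try:
        strong.submit("alice", mid, "I agree to pay $1")
    except DuplicateMessageId:
        pass
    return weak.messages[mid][1], strong.messages[mid][1], len(strong.rejected)


if __name__ == "__main__":
    print(demo())
```

The `rejected` list doubles as a detection signal: repeated submissions against an already stored message_id are worth alerting on.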
“By exploiting this vulnerability, cyber criminals could change a whole chat thread without the victim realizing,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point.
The social networking giant promptly moved to fix the vulnerability, though Facebook explained that the flaw only affected its Messenger app on Android.
“Based on our investigation, this simple misconfiguration in the Messenger app on Android turned out to be a low-risk issue, and it’s already been fixed,” Facebook wrote in its blog post published Tuesday.
Additionally, Facebook claims the vulnerability could not be exploited to infect its users’ PCs with malicious software, as the company uses anti-spam and anti-virus filters to detect malware and spam.