Researcher finds a way to Delete and Modify Facebook Messages Sent to Other Users


Researchers have shown how you can modify or alter your messages once you have pressed the SEND button in Facebook Messenger.

According to the researcher Roman Zaikin from cyber security firm Check Point, a simple HTML tweak can be used to exploit Facebook online chat as well as its Messenger app, potentially allowing anyone to modify or delete any of his/her sent messages, photos, files, and links.

Though the bug is simple, it could be exploited by malicious users to send a legitimate link in a Facebook chat or group chat, and later change it to a malicious link that could lead to a malware installation, tricking victims into infecting their systems.

Here’s How the Exploit Works:

The exploit relies on the way Facebook assigns identifiers to chat messages. Each chat message has a unique “message_id” identifier that could be revealed by sending a request to www.facebook.com/ajax/mercury/thread_info.php.

Once the message_id is identified, an attacker could alter the corresponding message content and send it back to Facebook’s servers, which accept the new content as legitimate and push it back to the victim’s PC or mobile device.
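A simplified server-side model of the behaviour described above, as an added example that is not Facebook's code or part of the original article. The `MessageStore` class, its method names, the sample IDs and the URLs are all constructed for illustration; it contrasts a store that overwrites on a repeated message_id with one that treats delivered messages as immutable and records the attempt for detection.

```python
import hashlib


def _digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class MessageStore:
    """Hypothetical message store keyed by message_id (illustrative model only)."""

    def __init__(self, immutable):
        self.immutable = immutable   # False models the flawed behaviour
        self.messages = {}           # message_id -> (sender, body)
        self.audit = []              # rejected overwrite attempts

    def submit(self, message_id, sender, body):
        existing = self.messages.get(message_id)
        if existing is None:
            self.messages[message_id] = (sender, body)
            return "stored"
        if not self.immutable:
            # Flawed path: new content for a known ID is accepted as legitimate.
            self.messages[message_id] = (sender, body)
            return "overwritten"
        if existing == (sender, body):
            return "duplicate"       # harmless client retry, nothing changes
        # Hardened path: keep the delivered content and log hashes of both
        # versions so an alert can be raised without storing the new body.
        self.audit.append({
            "message_id": message_id,
            "sender": sender,
            "old_sha256": _digest(existing[1]),
            "new_sha256": _digest(body),
        })
        return "rejected"

    def read(self, message_id):
        return self.messages[message_id][1]


def replay_demo(immutable):
    """Send a message, then resubmit the same ID with different content."""
    store = MessageStore(immutable)
    store.submit("mid.1001", "alice", "https://example.com/report.pdf")
    result = store.submit("mid.1001", "alice", "https://example.net/other.pdf")
    return result, store.read("mid.1001"), len(store.audit)
```
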

https://youtu.be/QRksIURxnks
“By exploiting this vulnerability, cyber criminals could change a whole chat thread without the victim realizing,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point.

Researchers discovered the vulnerability earlier this month and notified Facebook about the flaw.

The social networking giant promptly moved to fix the vulnerability, though Facebook explained that the flaw only affected its Messenger app on Android.

“Based on our investigation, this simple misconfiguration in the Messenger app on Android turned out to be a low-risk issue, and it’s already been fixed,” Facebook wrote in its blog post published Tuesday.

Additionally, Facebook claims the vulnerability could not be exploited to infect its users’ PCs with malicious software, as the company is using anti-spam and anti-virus filters to detect malware and spam.
