Facebook Messenger Bug Allows Spying on Android Users

2020-11-20 15:11

Facebook has patched a significant flaw in the Android version of Facebook Messenger that could have allowed attackers to spy on users and potentially identify their surroundings without them knowing.

Exploiting the bug would only take a few minutes; however, an attacker would already have to have permissions-i.e., be Facebook "Friends" with the user-to call the person on the other end.

Silvanovich disclosed the bug to Facebook on Oct. 6; the company fixed the flaw on Nov. 19, she reported.

"After fixing the reported bug server-side, our security researchers applied additional protections against this issue across our apps that use the same protocol for 1:1 calling," Dan Gurfinkel, Facebook security engineering manager, wrote in the post.

The program, called Hacker Plus, aims to further incentivize researchers to find vulnerabilities in its platform by offering bonuses on top of bounty awards, access to more products and features that researchers can stress-test, and invites to Facebook annual events.

News URL

https://threatpost.com/facebook-messenger-bug-spying-android/161435/

#android #facebook

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Facebook		30	2	44	52	19	117
Android		4	0	17	2	0	19