Security News > 2020 > November > Facebook Messenger Bug Allows Spying on Android Users
Facebook has patched a significant flaw in the Android version of Facebook Messenger that could have allowed attackers to spy on users and potentially identify their surroundings without them knowing.
Exploiting the bug would only take a few minutes; however, an attacker would already have to have permissions-i.e., be Facebook "Friends" with the user-to call the person on the other end.
Silvanovich disclosed the bug to Facebook on Oct. 6; the company fixed the flaw on Nov. 19, she reported.
"After fixing the reported bug server-side, our security researchers applied additional protections against this issue across our apps that use the same protocol for 1:1 calling," Dan Gurfinkel, Facebook security engineering manager, wrote in the post.
The program, called Hacker Plus, aims to further incentivize researchers to find vulnerabilities in its platform by offering bonuses on top of bounty awards, access to more products and features that researchers can stress-test, and invites to Facebook annual events.
News URL
https://threatpost.com/facebook-messenger-bug-spying-android/161435/