CYBER sleuths have discovered a scary Facebook security flaw which allegedly allows “malicious” hackers to carry out supersophisticated fraud campaigns.
Experts from a security firm called Check Point said the vulnerability would let crooks hack into private messages and even change the contents.
This could allow them fraudsters to “change the history of a conversation to claim he had reached a falsified agreement with the victim”, researchers claimed.
“The vulnerability allows a malicious user to change a conversation thread in the Facebook Online Chat and Messenger App,” the firm wrote.
“By abusing this vulnerability, it is possible to modify or remove any sent message, photo, file, link, and much more.”
It could even let crims “hide evidence of a crime or even incriminate an innocent person”.
“By exploiting this vulnerability, cyber criminals could change a whole chat thread without the victim realising,” claimed Oded Vanunu, head of products vulnerability research at Check Point.
His also suggested hackers could use automation techniques to “continually outsmart security measures for long-term chat alterations”.
The researchers quickly alerted Facebook, which closed the security hole as soon as it was warned.
However, the social network claimed the vulnerability was nowhere near as severe as it might appear and only affected Android phones.
“Based on our investigation, this simple misconfiguration in the Messenger app on Android turned out to be a low risk issue and it’s already been fixed,” a spokesman wrote on a blog posted earlier today.
Facebook also said the falsified messages “self corrected”, and snapped back to their original form.
It denied that viruses could be sent using messaging services.
“We appreciate the researchers who reported it and helped us create a better experience for all the people who use Messenger,” Facebook added.
Online Source
