A newly discovered loophole in Facebook’s technology left a vulnerability for hackers to infiltrate alter Facebook’s logs of online chats through the Messenger App, security researchers have found.
The modifications of old messaging records could allow attackers “to control the future … by using them to commit fraud, to falsify evidence in legal investigations, or to introduce malware onto a PC or phone.”
Roman Zaikin, security researcher at Check Point Software Technologie,s discovered the flaw. In a video posted to Youtube, Zaikin exhibits how he could change earlier messages to anything, including a link to a ransomware attack.
WATCH:
Communications over the internet can be used in legal investigations and this defect could allow for the undetected tampering of evidence.
Facebook is aware of this technical error and addressed the issue in an official blog post. The “Facebook Bug Bounty” opines that this is a “simple configuration” issue and that based on their investigation, “the Messenger app on Android turned out to be a low risk issue and it’s already been fixed.”
Head of Products Vulnerability Research at Check Point, Oded Vanunu, stressed the significance of this bug even if Facebook already patched the vulnerability. “The hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” Vanunu explained.
“We appreciate the whitehat researches who reported it and helped us create a better experience for al the people who use Messenger,” Facebook concluded in their statement.
Zaikin and Check Point were able to spot the bug, but it is not yet known what alterations have already been made to the countless amounts of information on Facebook’s chat records.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.