Facebook Messenger Flaw Enabled Spying on Android Callees

  /     /     /  
Publicated : 23/11/2024   Category : security


Facebook Messenger Flaw Enabled Spying on Android Callees


A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victims knowledge.



Facebook has patched a critical vulnerability in the Facebook Messenger for Android mobile app, which could have let attackers spy on other Facebook users using audio and video calls.
Natalie Silvanovich, the researcher with Googles Project Zero who discovered the bug, says it existed in Facebook Messengers implementation of a protocol called WebRTC, which the app uses to set up audio and video calls by exchanging thrift messages between callee and caller.
Normally, a person receiving a call doesnt send audio until the call is accepted, Silvanovich said in a write-up of her findings. This step is implemented by either not calling setLocalDescription until the callee has clicked accept, or by setting audio and video media description in the local Session Description Protocol (SDP) to inactive and updating them when the call is accepted. 
However, she wrote, there is a message type called SdpUpdate, which is not used for call setup and will cause setLocalDescription to be called immediately. If this message is sent to someone while their phone is ringing, the callee would begin to transmit audio immediately and enable an attacker to listen to their surroundings. The callee would not have to answer their phone.
Silvanovich explains the steps of an attack in her report. In a separate
write-up
celebrating the 10th anniversary of its bug bounty program, Facebook noted an attacker would need to have certain permissions, such as already being Facebook friends, to call a victim. The attacker would also need to use reverse engineering tools to send a custom message from their Messenger app.
Facebook fixed the vulnerability with a server-side patch and says its researchers applied more protections for this issue across apps that use the same protocol for one-on-one calls. The flaw merited a bug bounty of $60,000, among the three highest bug bounties the company offers.
Read Silvanovichs Project Zero
bug report
for more details.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Facebook Messenger Flaw Enabled Spying on Android Callees