Date: 23/11/20
Vulnerability in Facebook Messenger allowed spying on Android users
Facebook has patched a critical vulnerability in the Facebook Messenger app for Android. Exploiting it allowed callers to listen, without permission, to the surroundings of other users before the person on the other end answered the call.
Attackers could exploit this issue by sending a special type of message, known as SdpUpdate, that would cause the call to connect to the callee’s device before being answered.
“If this message is sent to the called device during a call, it immediately starts transmitting audio, which allows an attacker to eavesdrop on the callee’s surroundings,” Natalie Silvanovich of Google Project Zero explained.
The issue was discovered in the Android version of Facebook Messenger 284.0.0.16.119 last month. Silvanovich also provided Python-based PoC code that reproduces the issue in the Project Zero bug tracking system.
To connect the call automatically, the PoC code performs the following steps:
- Waiting for the offer to be sent and saving the sdpThrift field from the offer
- Sending an SdpUpdate message with this sdpThrift to the target
- Sending a fake SdpAnswer message to the attacker's own device so that it thinks the call was answered and plays the incoming audio
“To take advantage of this issue, an attacker must already have permission to call a specific person, bypassing certain compliance checks (for example, Facebook friendship). He will also need to use reverse engineering tools to manipulate his Messenger application and make it send a custom message,” Silvanovich explained.
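The flaw described above is a call state-machine error: a signaling message could start audio while the call was still ringing. The following added example (not code from the article, Project Zero or Facebook, and not a description of the actual fix) is a simplified Python model of a callee-side handler with and without a check that refuses SdpUpdate until the user has answered. Only the SdpUpdate message name comes from the article; the class, method, state and event names are hypothetical.

```python
from enum import Enum, auto

class CallState(Enum):
    RINGING = auto()    # offer received, user has not answered yet
    ANSWERED = auto()   # user explicitly accepted the call

class CalleeSession:
    """Hypothetical callee-side call model (not Messenger's real code)."""

    def __init__(self, gate_on_accept):
        self.gate_on_accept = gate_on_accept  # True = hardened behaviour
        self.state = CallState.RINGING
        self.mic_streaming = False
        self.rejected = []  # refused messages, usable as a detection signal

    def user_accepts(self):
        # The only transition that should ever enable the microphone.
        self.state = CallState.ANSWERED
        self.mic_streaming = True

    def on_signal(self, msg_type):
        """Apply a signaling message; return False if it was refused."""
        if msg_type != "SdpUpdate":
            self.rejected.append((msg_type, "unsupported"))
            return False
        if self.gate_on_accept and self.state is not CallState.ANSWERED:
            # Hardened path: renegotiation before the user answers is refused.
            self.rejected.append((msg_type, self.state.name))
            return False
        # Modelled flaw: without the gate, renegotiation starts audio
        # even while the call is still ringing.
        self.mic_streaming = True
        return True

def replay(events, gate_on_accept):
    """Run a constructed event sequence through a fresh session."""
    session = CalleeSession(gate_on_accept)
    for kind, value in events:
        if kind == "user" and value == "accept":
            session.user_accepts()
        elif kind == "signal":
            session.on_signal(value)
    return session

# Constructed sample inputs (not captured traffic).
EARLY_UPDATE = [("signal", "SdpUpdate")]                     # arrives while ringing
NORMAL_CALL = [("user", "accept"), ("signal", "SdpUpdate")]  # arrives after answer
```

Entries in `rejected` with state `RINGING` are the events worth logging and alerting on, since a legitimate client has no reason to renegotiate media before the call is answered.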