Date: 23/11/20

Vulnerability in Facebook Messenger allowed spying on Android users

Facebook has patched a critical vulnerability in the Facebook Messenger app for Android. Exploiting it allowed a caller, without permission, to listen to the surroundings of another user before the person on the other end answered the call.
 
Attackers could exploit this issue by sending a special type of message, known as SdpUpdate, that would cause the call to connect to the callee’s device before being answered.
 
“If this message is sent to the called device during a call, it immediately starts transmitting audio, which allows an attacker to eavesdrop on the callee’s surroundings,” Natalie Silvanovich of Google Project Zero explained.
 
The issue was discovered in the Android version of Facebook Messenger 284.0.0.16.119 last month. Silvanovich also provided Python-based proof-of-concept (PoC) code in the Project Zero bug tracking system that exploits the vulnerability to reproduce the issue.
 
To connect the call automatically, the PoC code for exploiting the vulnerability performs the following steps:
 
1. Wait for the proposal to be sent and save the sdpThrift field from the proposal.
2. Send an SdpUpdate message with this sdpThrift to the target.
3. Send a fake SdpAnswer message to the attacker so that the device thinks the call was answered and plays the incoming audio.
 
“To take advantage of this issue, an attacker must already have permission to call a specific person, bypassing certain compliance checks (for example, Facebook friendship). He will also need to use reverse engineering tools to manipulate his Messenger application and make it send a custom message,” Silvanovich explained.
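
The ordering flaw behind the steps above, seen from the callee side, as an added example (not code from the article, Project Zero or Facebook): a simplified signalling handler in which an SdpUpdate received while the call is still ringing starts audio, next to a hardened variant that refuses to apply it until the local user has accepted. The class, the `Hangup` message name and the event sequences are assumptions constructed for illustration; only the SdpUpdate message name comes from the article.

```python
from enum import Enum, auto

class CallState(Enum):
    RINGING = auto()    # call offered, local user has not answered yet
    ANSWERED = auto()   # local user explicitly accepted the call
    ENDED = auto()

class CalleeSession:
    """Constructed model of a callee-side signalling handler (hypothetical)."""
    def __init__(self, gate_on_user_accept):
        self.gate_on_user_accept = gate_on_user_accept
        self.state = CallState.RINGING
        self.sending_audio = False
        self.rejected = []  # out-of-order messages, kept for logging/detection

    def user_accepts(self):
        if self.state is CallState.RINGING:
            self.state = CallState.ANSWERED
            self.sending_audio = True

    def on_message(self, msg_type):
        if msg_type == "SdpUpdate":
            if self.gate_on_user_accept and self.state is not CallState.ANSWERED:
                # Hardened: a renegotiation before local accept is dropped and recorded.
                self.rejected.append((msg_type, self.state.name))
                return False
            # Weak path: applying the update brings media up regardless of state.
            self.sending_audio = True
            return True
        if msg_type == "Hangup":  # hypothetical message name
            self.state = CallState.ENDED
            self.sending_audio = False
            return True
        return False

def replay(session, events):
    """Feed constructed events to a session; return the audio flag after each."""
    timeline = []
    for ev in events:
        if ev == "USER_ACCEPT":
            session.user_accepts()
        else:
            session.on_message(ev)
        timeline.append(session.sending_audio)
    return timeline

# Constructed event sequences (not captured traffic)
EARLY_UPDATE = ["SdpUpdate"]                         # arrives while ringing
NORMAL_CALL = ["USER_ACCEPT", "SdpUpdate", "Hangup"]  # legitimate renegotiation
```

The `rejected` list is where a real client would emit telemetry: an SdpUpdate arriving in the ringing state is a useful detection signal in its own right.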




