Tuesday, March 19, 2024

Facebook Messenger Bug Let Android Users Spy On Each Other

Tamagotchi hacker, Natalie Silvanovich, who works as a Security Engineer on Prjoect Zero at Google recently received a bounty of $60,000 for identifying a bug in Facebook Messenger which allows a call to connected much before the callee has answered the call. The bug seems to exist on the Android Facebook messenger app only.

Facebook Messenger sets up audio and video calls in WebRTC by exchanging a series of thrift messages between the callee and caller. WebRTC is a free, open-source project that provides web browsers and mobile applications with real-time communication via simple application programming interfaces.

Usually in an audio call, audio is transmitted only when the callee has attended the call. However, there is an instance when the call transmitting audio even before the recipient of the call can accept the call. This allows any miscreant to monitor the victim’s surroundings.

Surprised? So are we!! Let’s have a look at how this can be re-created.

1) Log into Facebook Messenger on the attacker device
2) Log into Facebook Messenger on the target device. Also log into Facebook in a browser on the same account. (This will guarantee call set-up uses the delayed calls to setLocalDescription strategy, this PoC doesn’t work with the other strategy)
3) install frida on the attacker device, and run Frida server
4) make a call to any device with the attacker device to load the RTC libraries so the can be hooked with Frida
5) unzip sdp_update, and locally in the folder, run:

python2 modifyout(.)py “attacker device name”

(to get a list of devices, run python2 modifyout(.)py

6) make an audio call to the target device

In a few seconds, audio from the target devices can be heard through the speakers of the attacker device.

The PoC performs the following steps:

1) Waits for the offer to be sent, and saves the sdpThrift field from the offer
2) Sends an SdpUpdate message with this sdpThift to the target
3) Sends a fake SdpAnswer message to the *attacker* so the device thinks the call has been answered and plays the incoming audio

Unusual? Yes!

Common? More than you think

In early 2019, Apple’s Facetime had a similar bug whereby you could listen to the listen in on someone, even if they have not picked the call.

The smartphone may really be much smarter than we can imagine.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Facebook Taken Down Number of Political ads due to Technical Flaws in their System

Facebook Hacking made Easy and Convenient with Numerous Hacking Apps

Website

Latest articles

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...

New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device...

Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

A critical vulnerability was discovered in two plugins developed by miniOrange.The affected plugins,...

ShadowSyndicate Hackers Exploiting Aiohttp Vulnerability To Access Sensitive Data

A new Aiohttp vulnerability has been discovered, which the threat actor ShadowSyndicate exploits.Aiohttp...

Hackers Launching AI-Powered Cyber Attacks to Steal Billions

INTERPOL's latest assessment on global financial fraud uncovers the sophisticated evolution of cybercrime, fueled...

Fujitsu Hacked – Attackers Infected The Company Computers with Malware

Fujitsu Limited announced the discovery of malware on several of its operational computers, raising...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles