Friday, April 19, 2024

Facebook Messenger Bug Let Android Users Spy On Each Other

By Guru baran

Facebook Messenger Bug

Tamagotchi hacker, Natalie Silvanovich, who works as a Security Engineer on Prjoect Zero at Google recently received a bounty of $60,000 for identifying a bug in Facebook Messenger which allows a call to connected much before the callee has answered the call. The bug seems to exist on the Android Facebook messenger app only.

Facebook Messenger sets up audio and video calls in WebRTC by exchanging a series of thrift messages between the callee and caller. WebRTC is a free, open-source project that provides web browsers and mobile applications with real-time communication via simple application programming interfaces.

Usually in an audio call, audio is transmitted only when the callee has attended the call. However, there is an instance when the call transmitting audio even before the recipient of the call can accept the call. This allows any miscreant to monitor the victim’s surroundings.

Surprised? So are we!! Let’s have a look at how this can be re-created.

1) Log into Facebook Messenger on the attacker device
2) Log into Facebook Messenger on the target device. Also log into Facebook in a browser on the same account. (This will guarantee call set-up uses the delayed calls to setLocalDescription strategy, this PoC doesn’t work with the other strategy)
3) install frida on the attacker device, and run Frida server
4) make a call to any device with the attacker device to load the RTC libraries so the can be hooked with Frida
5) unzip sdp_update, and locally in the folder, run:

python2 modifyout(.)py “attacker device name”

(to get a list of devices, run python2 modifyout(.)py

6) make an audio call to the target device

In a few seconds, audio from the target devices can be heard through the speakers of the attacker device.

The PoC performs the following steps:

1) Waits for the offer to be sent, and saves the sdpThrift field from the offer
2) Sends an SdpUpdate message with this sdpThift to the target
3) Sends a fake SdpAnswer message to the *attacker* so the device thinks the call has been answered and plays the incoming audio

Unusual? Yes!

Common? More than you think

In early 2019, Apple’s Facetime had a similar bug whereby you could listen to the listen in on someone, even if they have not picked the call.

The smartphone may really be much smarter than we can imagine.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Facebook Taken Down Number of Political ads due to Technical Flaws in their System

Facebook Hacking made Easy and Convenient with Numerous Hacking Apps

Managed WAF Protection

Website

Latest articles

cyber security

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing...
Uncategorized

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...
Vulnerability

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...
Cyber Attack

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...
Cyber Attack

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...
Android

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...
cyber security

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]