Facebook Messenger Limps On Security: Spying On Third-Party Audio Messages Is Simple
Not only is WhatsApp vulnerable to hackers, Mark Zuckerberg's instant messaging app, Facebook Messenger, also has security breaches. This especially includes the audio messages which can now be intercepted by a third party under certain circumstances.
The ruling has been discovered by Mohamed A. Baset, a cybersecurity expert and advisor and is even uploaded on YouTube in which he demonstrates how an attacker can access files audio or video servers social network and play them without effort.
The video describes all the steps and indications to follow that corroborate the safety fault. This is a warning which, however, Facebook engineers have not given importance, as Baset said to Threat Post. But why does this happen? As explained, all audio messages sent to another Messenger user are automatically uploaded to Facebook servers in an MP4 file, which in turn are available through a URL.
The problem here is that the process of accessing that URL offers no resistance. That is, there is no security of any kind and with the URL one can play the audio clip without entering a password. If the links are HTTPS, as detailed Baset, simply delete the 'S' that provides protection so that the file is downloaded without problems.
This is mainly because Facebook has not implemented the HSTS security mechanism, which forces a browser to interact only with secure HTTP connections. Although the king of social networks is aware of the matter after the cybersecurity expert reported to Facebook engineers, it has not yet been remedied.
Facebook is dismissing such claims regarding multimedia content such as audio-based messages sent via its Facebook Messenger service and their possibility to be intercepted by a third-party under certain conditions. The best, therefore, is to be wary of the audios that are sent by Facebook Messenger, especially if one is connected to WIFI networks.