Facebook Messenger Bug Allowed Android Users To Spy On Each Other

Facebook fixed a critical flaw in the Facebook Messenger for Android messaging app that allowed callers to listen to other users’ surroundings without permission before the person on the other end picked up the call.

Facebook Messenger for Android has been installed on more than 1 billion Android devices according to the app’s official Play Store page.

Attackers could have exploited this bug by sending a special type of message known as SdpUpdate which would cause the call to connect to the callee’s device before it was answered.

“If this message is sent to the callee device while it is ringing, it will cause it to start transmitting audio immediately, which could allow an attacker to monitor the callee’s surroundings,” explains Natalie Silvanovich, a researcher on Google’s Project Zero bug-hunting team.

“Normally, the callee does not transmit audio until the user has consented to accept the call, which is implemented by either not calling setLocalDescription until the callee has clicked the accept button, or setting the audio and video media descriptions in the local SDP to inactive and updating them when the user clicks the button (which strategy is used depends on how many endpoints the callee is logged into Facebook on).”
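The consent rule described above, as an added example (not Facebook's code and not the Project Zero PoC): a toy callee-side model that keeps the audio direction inactive until the local accept action, shown with and without that gate. Only the message name SdpUpdate is taken from the article; the class, fields and scenario are assumptions.

```python
from enum import Enum, auto


class CallState(Enum):
    RINGING = auto()
    ACCEPTED = auto()


class CalleeCall:
    """Toy callee-side model. Only the message name SdpUpdate comes from the
    article; the class, fields and methods are hypothetical."""

    def __init__(self, enforce_consent: bool):
        self.enforce_consent = enforce_consent
        self.state = CallState.RINGING
        self.audio_direction = "inactive"  # local SDP direction while ringing
        self.rejected = []                 # dropped signaling, kept for telemetry

    def user_accepts(self) -> None:
        """Called only from the local accept button, never from the network."""
        self.state = CallState.ACCEPTED
        self.audio_direction = "sendrecv"

    def on_signaling(self, msg_type: str) -> bool:
        """Handle a message from the remote peer; return True if applied."""
        if msg_type != "SdpUpdate":
            self.rejected.append(msg_type)
            return False
        if self.enforce_consent and self.state is not CallState.ACCEPTED:
            # Renegotiation before consent is out of sequence: drop and record.
            self.rejected.append(msg_type)
            return False
        # Without the gate, renegotiation turns the audio section active.
        self.audio_direction = "sendrecv"
        return True

    def transmitting(self) -> bool:
        return self.audio_direction in ("sendrecv", "sendonly")


def run_scenario(enforce_consent: bool) -> dict:
    """Deliver SdpUpdate while ringing, then let the user accept."""
    call = CalleeCall(enforce_consent)
    call.on_signaling("SdpUpdate")
    before = call.transmitting()
    call.user_accepts()
    return {"before_accept": before, "after_accept": call.transmitting(),
            "rejected": call.rejected}
```

The `rejected` list is the detection hook: an SdpUpdate arriving while the call is still ringing is an out-of-sequence event worth logging.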

Reproducing the Messenger for Android issue

Silvanovich found the issue on version 284.0.0.16.119 of Facebook Messenger for Android last month. The researcher also provides Python-based proof-of-concept (PoC) exploit code to reproduce the issue on Project Zero’s bug tracker.

The full procedure for reproducing the now fixed issue involves making an audio call to the target device after running the PoC on the attacker’s device.

After waiting a few seconds, the attacker can hear audio from the target’s surroundings through their device’s speakers.

To automatically connect the call, the PoC will go through the following steps:

  1. Waits for the offer to be sent, and saves the sdpThrift field from the offer
  2. Sends an SdpUpdate message with this sdpThrift to the target
  3. Sends a fake SdpAnswer message to the *attacker* so the device thinks the call has been answered and plays the incoming audio

Bug exploitable by attackers in the target’s friends list

As per Facebook’s explanation, this bug “could have allowed a sophisticated attacker logged in on Messenger for Android to simultaneously initiate a call and send an unintended message type to someone logged in on Messenger for Android and another Messenger client (i.e. web browser).”

“It would then trigger a scenario where, while the device is ringing, the caller would begin receiving audio either until the person being called answers or the call times out.

“To exploit this issue, an attacker would have to already have the permissions to call this particular person bypassing certain eligibility checks (e.g. being friends on Facebook). They’d also need to use reverse engineering tools to manipulate their own Messenger application to force it to send a custom message.”

After fixing the bug reported by Project Zero server-side, Facebook’s security researchers applied additional protections across other apps that use the same protocol for 1:1 calling.

Bug awarded a $60,000 bug bounty

Facebook awarded Silvanovich with a $60,000 bounty for finding and disclosing this Messenger for Android bug.

“This report is among our three highest bug bounties at $60,000, which reflects its maximum potential impact,” Dan Gurfinkel, Facebook’s Security Engineering Manager, said earlier today.

The Project Zero researcher says that she will donate the entire sum to the GiveWell Maximum Impact Fund. Collin Greene, Product Security Manager at Facebook, later said that the company will match Silvanovich’s donation to GiveWell for a total of $120,000.

Over 50,000 researchers joined Facebook’s bug bounty program and roughly 6,900 of them were awarded a bounty after filing more than 130,000 vulnerability reports since 2011.

This year alone, Facebook says that over $1.98 million were awarded to researchers from more than 50 countries who reported over 1,000 vulnerabilities.

Update: Added info on Facebook’s bug bounty program.
