sb-as logo
Story image

Facebook MaliciousChat vulnerability reveals dangerous ransomware exploit

08 Jun 2016

 Check Point Security recently discovered a vulnerability in Facebook One Chat and Messenger app that could allow cyber attackers to control and manipulate any Facebook chat conversation.

Check Point Security Researcher found that the Facebook MaliciousChat vulnerability can delete or change any sent message, photo, file or link sent through the chat windows.

Facebook has since patched the vulnerability, but Check Point believes these types of attacks and their vectors could be disastrous for businesses and consumers who use Facebook.

“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realising. What’s worse, rhe hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” Oded Vanunu, head of products vulnerability research at Check Point, says.

The implications of the vulnerability, accessed via manipulation of the 'message_id' parameter, allows hackers access to easy ransomware demands. Check Point says although ransomware attacks only last a number of days before security vendors block the attacks, hackers can still develop ways to keep ahead of security measures.

Chat conversations can be used as legal evidence in investigations, so the vulnerability demonstrates how hackers can conceal evidence or incriminate innocent users.

Check Point says the vulnerability can also be used as a vehicle for malware, as the links can be changed to malicious ones that would look legitimate because of their sources as trusted chat partners.

Vanunu says Facebook has done a commendable job of quickly patching the issue.

Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
COVID-19 crushes fingerprint reader market
However, the biometrics market is expected to regain momentum with alternatives already beginning to find their feet.More
Story image
Microsoft: Digital transformation doesn't make SMEs immune to cyber threats
Ricky Kapur warns that despite digital transformation every business is at risk - no matter how large or small they are.More
Story image
Criminals scale back DDoS attacks after 'abnormal' spike in Q2
The Q2 spike seems to have been short-lived as DDoS activity returns to ‘normal’ levels over Q3, with 73% fewer attacks than seen in the previous quarter.More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More