Check Point Software and Facebook fixed a vulnerability in the social network's messenger
Customers: Facebook
Contractors: Check Point Software Technologies
Product: Projects of IT outsourcing
Project date: 2016/03 - 2016/09
On June 7, 2016, Check Point Software Technologies Ltd. announced the existence of a vulnerability in Facebook chat. It allows malicious users to change or delete any messages, photos, files or links in the messenger and in the online version of the social network's chat.
Check Point and Facebook experts quickly fixed the vulnerability.
The vulnerability can be exploited when an attacker is able to obtain a message's identifier, the message_id parameter. Knowing the ID, the attacker can change the contents of the message and send it to the Facebook server. The other party to the conversation will not notice the change, because no notification of the content change is delivered.
This opened up several attack scenarios. Each of them can have serious consequences, given the role Facebook plays in users' lives:
- Attackers can alter message history as part of fraud campaigns. For example, by changing the content of a conversation, the attacker can claim to have reached a (false) agreement with the victim, or change the terms of that agreement.
- Changing or concealing important information in a Facebook chat can have legal consequences. Chat messages can be used as evidence in court proceedings, so the vulnerability gives attackers the chance to hide evidence of a crime or even to falsely accuse an innocent person.
- The vulnerability as a means of spreading viruses. The attacker can embed malicious code in a harmless-looking link or file and easily persuade the user to open it. The vulnerability makes it possible to keep updating the address of the command server in the malicious URL, thereby keeping the phishing attack spreading. Because the address of the command server changes, security solutions cannot detect and block the infected content.
With this vulnerability, cybercriminals are able to change the entire flow of messages in a chat without the user's knowledge. Moreover, the hacker can use automation to bypass security solutions and make changes in a chat over a long period.
Vasily Dyagilev, the chief representative of Check Point Software Technologies in Russia and the CIS
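The issue described above comes down to a server accepting a second submission for a message_id that already exists. The following is an added example, not code from Check Point or Facebook and not a description of the actual fix: it shows a server-side store that treats a message_id as write-once and records rejected overwrite attempts for detection. The class, method and field names and the sample messages are hypothetical.

```python
import hashlib
import hmac


class MessageStore:
    """Server-side store where a message_id can be written only once."""

    def __init__(self):
        self._messages = {}  # message_id -> (sender, body, SHA-256 of body)
        self.alerts = []     # rejected overwrite attempts, kept for detection

    def submit(self, sender, message_id, body):
        digest = hashlib.sha256(body.encode("utf-8")).digest()
        existing = self._messages.get(message_id)
        if existing is None:
            self._messages[message_id] = (sender, body, digest)
            return "stored"
        stored_sender, _, stored_digest = existing
        # Same sender, same bytes: a client retry, acknowledge without rewriting.
        if stored_sender == sender and hmac.compare_digest(stored_digest, digest):
            return "duplicate"
        # Known ID with a different sender or body: refuse and record it.
        self.alerts.append({"message_id": message_id, "submitted_by": sender,
                            "reason": "existing message_id resubmitted with changes"})
        return "rejected"

    def body(self, message_id):
        """Return the body as first stored, which is what every party is shown."""
        return self._messages[message_id][1]


if __name__ == "__main__":
    # Constructed sample conversation; the IDs and text are made up.
    store = MessageStore()
    print(store.submit("alice", "mid.1001", "Meet at 17:00"))       # stored
    print(store.submit("alice", "mid.1001", "Meet at 17:00"))       # duplicate
    print(store.submit("alice", "mid.1001", "I agree to pay 1000")) # rejected
    print(store.body("mid.1001"))                                   # Meet at 17:00
    print(store.alerts)
```

If editing is a wanted feature, the same check still applies: an edit would be a separate, authorized operation that keeps the original version and notifies the other participants, rather than a silent overwrite by ID.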