Facebook Messenger Flaw Could’ve Allowed Criminals to Intercept Messages

By Gary Davis on Jun 13, 2016

When it comes to day-to-day communications, we are—to put it mildly—married to our messaging applications. Which is why it’s worrying when researchers find security flaws in major messaging apps. And that’s exactly what happened recently, when researchers identified a troublesome flaw in the Facebook Messenger application.

The flaw would give a cybercriminal unfettered access to a victim’s chat logs—allowing them to modify, delete and generate fraudulent pictures, links and texts. This flaw could also be used to spread malware, ransomware and more. While the attack is limited—it only affects the Messenger application on Android devices—it could still be troublesome.

Simply put: an attacker could modify a message history as a part of a fraud campaign — either stating the victim agreed to do something that they didn’t, or framing the victim for a crime they didn’t commit. Crooks could also use the flaw to spread ransomware, spy on business conversations and more.

Facebook was notified of this flaw well before it was announced on June 7, and being the professionals they are, their teams fixed the vulnerability post-haste. So you don’t have to worry about this vulnerability so long as your Facebook Messenger application is updated to the latest version.

Regardless, it’s a good reminder to always be conscious and aware of what you do and say online at all times. After all, another vulnerability could be lurking right around the corner.

So what can you do to make sure you don’t fall victim to this sort of attack in the future? Well, there are a few measures you can take:

  • Don’t answer messages from strangers. It’s solid advice for all aspects of life, but here it could save you from a long-running spate of identity fraud and malware infections. If someone you don’t know is sending you messages and links—even if they appear friendly—ignore them.
  • Watch where you click. Like a lot of phishing attacks, messaging attacks have tell-tale signs. Bad grammar, off-beat syntax, suspicious behavior and links to misspelled versions of well-known URLs are all things to be conscious of when reviewing messages. If something seems off, exit the conversation.
  • Use comprehensive security. A lot of messaging attacks will still need to get past a security program in order to infect a device—that is, if you have one in place. That’s why you should use a comprehensive security service, like McAfee LiveSafe™, to scan potentially troublesome links and messages for threats.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

gary

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...
