Natalie Discovered Facebook Messenger Bug That was Allowing an Attacker Via Phone

The security researchers revealed a Facebook Messenger bug discovered earlier this year. This error worked with the Facebook Messenger calling system, using a loophole that allows an attacker to call, and the call to the end of the recipient auto-answered. With this bug, an attacker can hear you without your knowledge on your phone.

The bug allowed an attacker to call your phone and force your phone to take it without your information. The attacker can listen to impunity to your conversations after the process is activated.

Facebook Messenger makes WebRTC calls that differ slightly from the normal phone app for a call. A set of inspections is usually needed to connect the caller and the recipient. Ideally, if the recipient pushed a button to accept a call, it would not be possible to connect to the recipient.

The security researcher “Natalie” (N. Silvanovich) discovered a way of bypassing the system, which is normally required for call connections. The caller uses a special kind of message to force the phone to log audio into the receiver. He also noted that “If this message is sent while ringing to the Callee device, it causes the attacker to start broadcasting audio immediately so that the attacker can monitor the area around the Callee.”

How to get rid of the Facebook Messenger Bug?

As Facebook has updated its messenger fixing the bug so the only way to get rid is to update it to the latest version. If you have the latest version of your smartphone and/or tablet Facebook Messenger, you should be safe.

Silvanovich donated the bug bounty to the charity as you will see below.

Have you updated the messenger?

Leave a Reply

Your email address will not be published. Required fields are marked *