Facebook has patched a bug with its Messenger service that would have allowed attackers to change the content of a conversation. Security researchers at Checkpoint found the vulnerability in Facebook’s Online Chat and Messenger app, and made the social network aware of the problem; Facebook then quickly patched the flaw.
According to CheckPoint, the vulnerability would allow a malicious hacker to locate an identifier related to each message sent via Messenger. The attacker could then change the content of the message, and send it off to Facebook’s servers. Facebook would then deliver the altered message, leaving the recipient unknowingly victimized.
The bug could have done more than create confusion (and ruin relationships), though. Attackers could have inserted malicious links into chats to spread malware, among other possibilities.
“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realizing, What’s worse. The hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” Oded Vanunu, Head of Products Vulnerability Research at CheckPoint, said in a statement. “We applaud Facebook for such a rapid response and putting security first for their users.”
Chatting has quickly become a core component in Facebook’s product mix. The company offers its Messenger application, which now boasts nearly a billion users. At its F8 developers conference earlier this year, Facebook also updated the app to include support for chatbots.