Experts Insight On Android Users Could Spy On Others Using Facebook Messenger

Facebook recently fixed a critical flaw in the Facebook Messenger for Android messaging app by which one can listen to other users’ surroundings without their knowledge. As per official Play Store page, it is used by nearly 1 billion users. 

Experts Comments

November 23, 2020
Hank Schless
Senior Manager, Security Solutions
Lookout
This isn’t the first time we’ve seen an attack like this. Just last year, it was reported that an attacker could inject commercial spyware into a device via unanswered WhatsApp calls. Attackers will find creative ways to bypass the native security measures built into apps and devices in order to discreetly compromise the device. This vulnerability in particular could be used to execute a highly effective spying campaign on targeted individuals. It’s a cheap and easy way to be able to.....Read More
This isn’t the first time we’ve seen an attack like this. Just last year, it was reported that an attacker could inject commercial spyware into a device via unanswered WhatsApp calls. Attackers will find creative ways to bypass the native security measures built into apps and devices in order to discreetly compromise the device. This vulnerability in particular could be used to execute a highly effective spying campaign on targeted individuals. It’s a cheap and easy way to be able to eavesdrop on certain individuals. It’s another example of how attackers can leverage personal applications on mobile devices to steal corporate information. This is unique because it doesn’t require any direct interaction with the target and no malware needs to be installed. Mobile devices are the key to productivity, so cybercriminals have been increasingly exploiting mobile vulnerabilities on outdated apps and OS versions to initiate their attack. If a user is running an out-of-date version of Facebook Messenger moving forward, they could unintentionally expose sensitive information to attackers. It’s absolutely necessary to understand what mobile apps are running on your employee's mobile devices, especially if you allow them to use personal devices to access corporate data. Out-of-date apps could put you out of alignment with compliance standards to cause unintentional data leakage.  Read Less
November 23, 2020
Jake Moore
Cybersecurity Specialist
ESET
The amount this security researcher was paid reflects the damage that could have been made if this vulnerability had made it into the mainstream. However, there is nothing to say it was not used in the wild and used by malicious actors around the world. Patching unknown threats is a constant battle between good and evil but the longer it takes for a zero-day threat to be patched, the longer the bad actors have to profit from their findings by selling it or via extortion. Similar to Pegasus,.....Read More
The amount this security researcher was paid reflects the damage that could have been made if this vulnerability had made it into the mainstream. However, there is nothing to say it was not used in the wild and used by malicious actors around the world. Patching unknown threats is a constant battle between good and evil but the longer it takes for a zero-day threat to be patched, the longer the bad actors have to profit from their findings by selling it or via extortion. Similar to Pegasus, which is believed to have been used to target Jeff Bezos, this attack is extremely rare but it highlights the importance of patching and updating both by the developers and us as users.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts