Experts Insight On Android Users Could Spy On Others Using Facebook Messenger

By   ISBuzz Team
Writer , Information Security Buzz | Nov 23, 2020 07:50 am PST

Facebook recently fixed a critical flaw in the Facebook Messenger for Android messaging app by which one can listen to other users’ surroundings without their knowledge. As per official Play Store page, it is used by nearly 1 billion users. 

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Global Cyber Security Advisor
InfoSec Expert
November 23, 2020 4:09 pm

The amount this security researcher was paid reflects the damage that could have been made if this vulnerability had made it into the mainstream. However, there is nothing to say it was not used in the wild and used by malicious actors around the world. Patching unknown threats is a constant battle between good and evil but the longer it takes for a zero-day threat to be patched, the longer the bad actors have to profit from their findings by selling it or via extortion.

Similar to Pegasus, which is believed to have been used to target Jeff Bezos, this attack is extremely rare but it highlights the importance of patching and updating both by the developers and us as users.

Last edited 2 years ago by Jake Moore
Hank Schless
Hank Schless , Senior Manager, Security Solutions
InfoSec Expert
November 23, 2020 3:55 pm

This isn’t the first time we’ve seen an attack like this. Just last year, it was reported that an attacker could inject commercial spyware into a device via unanswered WhatsApp calls. Attackers will find creative ways to bypass the native security measures built into apps and devices in order to discreetly compromise the device.

This vulnerability in particular could be used to execute a highly effective spying campaign on targeted individuals. It’s a cheap and easy way to be able to eavesdrop on certain individuals. It’s another example of how attackers can leverage personal applications on mobile devices to steal corporate information. This is unique because it doesn’t require any direct interaction with the target and no malware needs to be installed.

Mobile devices are the key to productivity, so cybercriminals have been increasingly exploiting mobile vulnerabilities on outdated apps and OS versions to initiate their attack. If a user is running an out-of-date version of Facebook Messenger moving forward, they could unintentionally expose sensitive information to attackers. It’s absolutely necessary to understand what mobile apps are running on your employee\’s mobile devices, especially if you allow them to use personal devices to access corporate data. Out-of-date apps could put you out of alignment with compliance standards to cause unintentional data leakage.

Last edited 2 years ago by Hank Schless

Recent Posts

Would love your thoughts, please comment.x