
Facebook MaliciousChat vulnerability reveals dangerous ransomware exploit

08 Jun 2016

Check Point Security recently discovered a vulnerability in Facebook One Chat and Messenger app that could allow cyber attackers to control and manipulate any Facebook chat conversation.

A Check Point Security researcher found that the Facebook MaliciousChat vulnerability can be used to delete or change any message, photo, file or link sent through the chat windows.

Facebook has since patched the vulnerability, but Check Point believes these types of attacks and their vectors could be disastrous for businesses and consumers who use Facebook.

“By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realising. What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” Oded Vanunu, head of products vulnerability research at Check Point, says.

The vulnerability, exploited by manipulating the 'message_id' parameter, gives hackers an easy route to ransomware demands. Check Point says that although ransomware attacks only last a number of days before security vendors block them, hackers can still develop ways to keep ahead of security measures.

Chat conversations can be used as legal evidence in investigations, so the vulnerability demonstrates how hackers can conceal evidence or incriminate innocent users.

Check Point says the vulnerability can also be used as a vehicle for malware, as links can be changed to malicious ones that would look legitimate because they appear to come from trusted chat partners.

Vanunu says Facebook has done a commendable job of quickly patching the issue.
