sb-nz logo
Story image

Facebook Messenger hack exposed: Expert insights and advice

14 Jun 2016

A recently discovered vulnerability in Facebook Messenger could have had monumental consequences.

Check Point Software Technologies discovered the flaw, which would have allowed an attacker to modify or remove any sent message, photo, file or link. Fortunately, the breach was disclosed immediately to Facebook‘s security team, and the backdoor was patched up in short time.

In a blog post, Check Point head of products vulnerability research Oded Vanunu notes that by exploiting this backdoor, cybercriminals could change a whole chat thread without the victim realising.

“What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” he says. “We applaud Facebook for such a rapid response and putting security first for their users.”

What can you do?

Dan Slattery, senior information security analyst at global cyber-security firm, Webroot, says that while the actual flaw within Facebook’s system has not been yet fully determined, there are a number of actions that individuals can take to protect themselves on the social network.

“With Facebook’s significance continuing to grow, it is becoming more and more important for users to turn on and regularly check their security measures,” Slattery says. “Here are four steps users can take to help protect themselves from hacking threats:

1. Have a unique, strong password that is not used anywhere else

2. Turn on Two Factor Authentication. Facebook calls this ‘Login Approvals’ and can be turned on in SETTINGS > SECURITY > LOGIN APPROVALS.

3. Manage active logged in sessions (Settings > Security > “Where You’re Logged In”) If you see anything you don’t recognise you can end that session, or you can wipe everything but your current session by clicking on “End All Activity” – You would then need to log back in everywhere you use Facebook.

4. Clear out any Apps that you have given permissions to your account that you no longer use. The complete list can be found in Settings > Apps.”

It is clear that in today’s increasingly digital (and increasingly dangerous) world, it is becoming more and more important for individuals and businesses to be proactive and take the initiative when it comes to their cyber security.

Story image
Got crypto? Pay tax – A quick look at IR's new crypto-asset guidance
Inland Revenue's new guidance aims to provide more certainty for New Zealand taxpayers who hold crypto-assets, and to help people ‘get things right from the start’.More
Story image
Video: 10 Minute IT Jams - Who is CrowdStrike?
Today, Techday speaks to CrowdStrike ANZ channel director Luke Francis about the company's key products and offerings, its upcoming annual security conference, and the infrastructure it leverages in the A/NZ region.More
Story image
NortonLifeLock introduces dark web monitoring to its security suite
Dark Web Monitoring Powered by LifeLock will be capable of monitoring the dark web, searching for over 120 personal identifiable information including email, physical address, phone number, driver licence number, credit card or bank account numbers and gamer tags.More
Story image
Plugging the gaps: Australian organisations are leaving their defence barriers wide open
Cybercriminals are are walking through the gaping holes in Australia’s organisational defences – gaps that leadership teams don’t even realise are there.More
Link image
Data is an organisation's most significant asset - here's how to protect it
Data resilience strategies are becoming more crucial as more value is ascribed to a company's data. If it's not stored securely and cost-effectively, expect problems.More
Story image
Sophos named mobile security Leader in IDC MarketScape
Sophos Intercept X for Mobile has capabilities in protecting Android, iOS and Chrome OS users from known and never before seen mobile threats.More