Facebook Messenger bug reveals a list of people you’ve been chatting with

Mail Online | 3/8/2019 | Yuan Ren For Mailonline
jster97 (Posted by) Level 3
Click For Photo: https://i.dailymail.co.uk/1s/2019/03/08/12/5001982-0-image-a-5_1552048690249.jpg

Facebook users face new privacy concerns as yet another security breach could be giving away the names of people they have been messaging.

Hackers trying to gain access to private accounts need only to get users to click a video link, which would be easily disguised as regular content.

Loophole - Hackers - Contacts - User - Facebook

The loophole then lets hackers check which contacts had recently engaged with the user over Facebook Messenger.

The flaw comes the day after CEO Mark Zuckerberg announced a 'privacy-focused future' for its users.

Privacy - Exposé - Ron - Masas - Imperva

The latest privacy exposé was made by Ron Masas from Imperva, an online privacy monitoring website.

Mr Masas called the latest vulnerability a 'side-channel attack, performed on an end user’s web browser', and has made Facebook aware of the vulnerability.

Attack - Something - 'iframe - User - Boxes

The attack exploits something called the 'iframe', which is used to to see whether a user has been or is actively engaging with chat boxes in the Facebook messenger app.

The chat box in the messenger app, as well as the contact list, are rendered in iframes.

Mr - Masas - User - Contact - User

Mr Masas said: 'When the current user has not been in contact with a specific user, the iframe count would reach three and then always drop suddenly for a few milliseconds.

'This lets an attacker reliably distinguish between the full and empty states. This could let him remotely check if the current user has chatted with a specific person or business, which would violate those users’ privacy.'

Frame - Count - Data - Time - Ways

'By recording the frame count data over time, I found two new ways to leak cross-origin information.

'By looking at patterns instead of a static...
(Excerpt) Read more at: Mail Online
Wake Up To Breaking News!
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!