Huge Vulnerabilities In Facebook Chat and Messenger Exploitable With Basic HTML

An anonymous reader writes: Check Point's security research team has discovered vulnerabilities in Facebook's standard online Chat function, as well as Messenger app. The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences. To exploit the vulnerability, an attacker simply needed to identify the unique ID for the sent message he or she is targeting.According to the report, Facebook, in conjunction with Check Point's researchers, patched the vulnerability earlier this month.

Re:How do you get the unique ID?

[bluefoxlucid]

128 bits when all I have to do to find out whether I have the right 128 bits is to send a request with those 128 bits (potentially base64 encoded to get them transferred) and get a response, these 128 bits are rather trivial to crack.

If you use a 3GHz CPU to INC from 0 to 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF (128 bits) at 1 cycle per INC, 3 billion increments per second, directly in register memory, it would take 3,600,000,000,000,000,000,000 years to count. The universe is 13,772,000,000 years old. That's 260,000,000,000 times the current age of the universe--19 times the square of the age of the universe.

How trivial is trivial?