Slashdot Mirror

← Back to Stories (view on slashdot.org)

Huge Vulnerabilities In Facebook Chat and Messenger Exploitable With Basic HTML (helpnetsecurity.com)

Posted by msmash on from the security-woes dept.

An anonymous reader writes: Check Point's security research team has discovered vulnerabilities in Facebook's standard online Chat function, as well as Messenger app. The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences. To exploit the vulnerability, an attacker simply needed to identify the unique ID for the sent message he or she is targeting.According to the report, Facebook, in conjunction with Check Point's researchers, patched the vulnerability earlier this month.

4 of 40 comments (clear)

  1. After all these years... by __aaclcg7560 · · Score: 3, Funny

    You would think that the element was no longer a security threat.

  2. How do you get the unique ID? by bluefoxlucid · · Score: 4, Interesting

    How do you identify the unique ID of the message? If the message is sent to you (or a group including you), I guess that works. How else?

    If message unique IDs are cryptographically secure--if they're 128-bit random GUIDs from a strong entropy source--then this is like saying an attacker only needs the unique private key to hijack Verisign. If they're akin to the ObjectID in MongoDB--datestamp, machine, process, and 24-bit random counter--then we can go fishing. If the ID is discoverable only by being the logged-in user, then you need a browser-end hijack or a TLS-breaking MITM, in which case there are any number of ways to invisibly send messages and not send messages the user types.

    --
    Support my political activism on Patreon.
    1. Re:How do you get the unique ID? by bluefoxlucid · · Score: 3, Informative

      128 bits when all I have to do to find out whether I have the right 128 bits is to send a request with those 128 bits (potentially base64 encoded to get them transferred) and get a response, these 128 bits are rather trivial to crack.

      If you use a 3GHz CPU to INC from 0 to 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF (128 bits) at 1 cycle per INC, 3 billion increments per second, directly in register memory, it would take 3,600,000,000,000,000,000,000 years to count. The universe is 13,772,000,000 years old. That's 260,000,000,000 times the current age of the universe--19 times the square of the age of the universe.

      How trivial is trivial?

      --
      Support my political activism on Patreon.
  3. Messenger and Payments? by JimMcc · · Score: 4, Insightful

    And Facebook wants to use the messenger app to send payments? If they have this much trouble with basic security over social chatting, why should we trust them to handle payment processing? If you can't do the simple things right, you certainly can't be expected to successfully accomplish the difficult things.