{"id":1275,"date":"2020-11-20T05:58:41","date_gmt":"2020-11-20T05:58:41","guid":{"rendered":"https:\/\/thenextweb.com\/?p=1328877"},"modified":"2020-11-20T05:58:41","modified_gmt":"2020-11-20T05:58:41","slug":"facebook-patches-a-messenger-bug-that-allowed-others-to-snoop-on-your-calls","status":"publish","type":"post","link":"https:\/\/www.londonchiropracter.com\/?p=1275","title":{"rendered":"Facebook patches a Messenger bug that allowed others to snoop on your calls"},"content":{"rendered":"\n<div><img decoding=\"async\" src=\"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&amp;fit=1280%2C640&amp;url=https%3A%2F%2Fcdn0.tnwcdn.com%2Fwp-content%2Fblogs.dir%2F1%2Ffiles%2F2020%2F11%2Fbrett-jordan-xdBNTAdqU3A-unsplash-1.jpg&amp;signature=56a9dd00605f77f49ac2a85e4c3d3984\" class=\"ff-og-image-inserted\"><\/div>\n<p>We often joke around that hackers or government agencies are listening to our calls. Facebook just patched a bug that would\u2019ve allowed anyone to snoop on your calls on Messenger.<\/p>\n<p>The bug was found by&nbsp;Google Project Zero researcher&nbsp;<span><a href=\"https:\/\/twitter.com\/natashenka\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Natalie Silvanovich<\/a> last month, and it affected Messenger\u2018s Android users. To start the attack, the hacker would have to initiate a call and send a specially crafted invisible message. Then they could listen to your audio, even if you don\u2019t pick up the call.&nbsp;<\/span><\/p>\n<p>Thankfully, this vulnerability was only exploitable in special circumstances and required specific tools. For instance,&nbsp;<span>both the attacker and the victim would need to have been logged in to Messenger for Android. In addition to that, the victim also needed to be logged into Messenger through a web browser.&nbsp;<\/span>What\u2019s more, the attacker would need permission to call the victim&nbsp; \u2014 meaning, they\u2019d have to already be on the victim\u2019s friend list.<\/p>\n<p>Last year, Apple fixed the bug that <a href=\"https:\/\/thenextweb.com\/apple\/2019\/01\/29\/apple-temporarily-disables-group-facetime-to-fix-a-bug-that-lets-you-eavesdrop-on-your-contacts\/\">let your contacts eavesdrop on you through FaceTime<\/a>.&nbsp;<span>Silvanovich said after this exploit was found, she began to research other apps. Till now, she\u2019s <a href=\"https:\/\/www.wired.com\/story\/facebook-messenger-bug-bounty\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">managed to find bugs<\/a> in other communication apps such as <a href=\"https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1943&amp;q=signal%20label:Finder-natashenka&amp;can=1\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Signal<\/a>, <a href=\"https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=2064&amp;q=mocha%20label:Finder-natashenka&amp;can=1\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Mocha<\/a>, and JioChat; all of them have been patched.&nbsp;<\/span><\/p>\n<p>Facebook revealed details about this bug as a part of the blog on the 10th anniversary of its bug bounty program. The company said it has paid $11.7 million to security researchers for 6,900 accepted bug reports out of more than 130,000 submitted.<\/p>\n<p>Last month, the social network <a href=\"https:\/\/thenextweb.com\/security\/2020\/10\/09\/facebook-now-has-a-loyalty-program-for-its-bug-bounty-hunters-on-its-platform\/\">unveiled a new loyalty program<\/a>, called Hacker Plus, to further incentivize bug sleuths discovering vulnerabilities in Facebook\u2019s platforms.<\/p>\n<p>You can read the full technical description of the vulnerability <a href=\"https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=2098\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">here<\/a>.<\/p>\n<p> <a href=\"https:\/\/thenextweb.com\/security\/2020\/11\/20\/facebook-patches-a-messenger-bug-that-allowed-others-to-snoop-on-your-calls\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We often joke around that hackers or government agencies are listening to our calls. Facebook just patched a bug that would\u2019ve allowed anyone to snoop on your calls on Messenger. The bug&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1276,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/1275"}],"collection":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1275"}],"version-history":[{"count":0,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/posts\/1275\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=\/wp\/v2\/media\/1276"}],"wp:attachment":[{"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.londonchiropracter.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}