This Facebook Messenger bug exposed who you chat with

Written by Shubham Sharma
Mar 08, 2019, 01:35 pm

Just a day after Mark Zuckerberg's promise of a more private Facebook, security firm Imperva has revealed a vulnerability that affected the platform. The bug, discovered last year, affected Facebook Messenger and potentially exposed who you had been chatting with. Facebook fixed the issue after Imperva reported it. Here's how the bug revealed information about Messenger contacts.

Issue
Browser-based iFrame attack to extract Messenger contacts

A few months back, Imperva's researchers revealed a 'cross-site request forgery' attack that potentially allowed attackers to access likes, location history, and interests of Facebook users. Now, they have detailed a loosely related browser-based attack, in which hackers could have exploited properties of iFrames (elements used for embedding content such as ads or other web pages within a page) to see who you've been in contact with on Facebook.

Information
However, contact info is the only thing the bug exposed

Notably, the bug only exposed information about the people the target had been in contact with and whether they were in the target's friends list. Apart from this, no other information was compromised, including the messages themselves.

Attack
And, the attack vector is pretty similar

As the bug in question is exploited through a web browser, Imperva says a bad actor could have carried out this attack by baiting a logged-in Facebook user into clicking on a malicious link. The link would have redirected the target to an infected page, where clicking on anything would have allowed the attacker to run queries and see the target's Messenger contacts.

Fix
Facebook patched issue as it was flagged

After the issue was reported in November, Facebook tried randomizing iFrame elements to prevent the attack from being carried out. However, the company's initial fix didn't work, and Imperva's researchers were able to redesign their algorithm to extract Messenger contacts. Following this, Facebook removed the iFrame elements altogether to mitigate the risk.

Quote
Here's what Facebook said on the issue

"The issue in his report stems from the way web browsers handle content embedded in webpages and is not specific to Facebook," a Facebook spokesperson said, adding that they've "updated the web version of Messenger to ensure this browser behavior isn't triggered on our service."

Possibility
Such attacks could increase with time

Two attacks of the same kind within months suggest that browser-based hacks could see an uptick in the near future. Imperva's Ron Masas, who flagged this bug, claimed the technique isn't common but can become popular in 2019. "While big players like Facebook and Google are catching up, most of the industry is still unaware," he emphasized in a blog post.

Privacy focus
Also, Facebook wants to focus on privacy now

The disclosure of this bug also comes just a day after Mark Zuckerberg promised enhanced privacy on Facebook, which has been reeling from scandals like Cambridge Analytica and a massive data breach compromising 30 million people. Essentially, the Facebook boss plans to focus on private communication with a unified infrastructure of WhatsApp, Instagram, and Messenger and features like end-to-end encryption and automatically deleting messages.
