Recently, a major security flaw was reported to Facebook by a Security firm, which could allow hackers to change chat history in the Facebook Messenger app. This bug had the ability to spread malware or engage in fraud.
It was revealed that the bug can allow hackers to change the code in the app for both desktop and mobile versions. Hackers could have altered the text of past messages. This is demonstrated in a YouTube video.
According to Tech Crunch, a researcher named Roman Zaikin, who works in a security firm named Check Point, discovered the flaw. He said that the loophole could have been used by hackers in their favor to change or delete text, photos, files, links and more. The firm even stated that although a change was made, the victim would not get a push notification.
Earlier this month, Facebook was notified about the flaw and set about fixing it immediately.
Hackers could have used the flaw to deliver a malware to victims by changing a legitimate link to an infected one, and convince the victim to click on it. Otherwise, they could have used it as part of a fraud campaign, as per Sydney Morning Herald.
“A malicious actor can change the history of a conversation to claim he had reached a falsified agreement with the victim, or simply change its terms,” said the firm.
Australian security firm CQR Consulting’s founder Phil Kernick said that the news had legal implications. There are instances where the chat history can be used as evidence, but fabricated chat history can leave the victim in the hot water.
“It makes the ‘my Facebook Messenger was hacked’ defense suddenly possible, whereas previously it was wishful thinking,” said Kernick.
For instance, in the Hulk Hogan defamation case, news site Gawker’s internal conversation on office chat platform Slack was used as legal evidence earlier this year.
The latest report indicates that Facebook is planning to enhance Messenger’s security by adding end-to-end encryption similar to that of WhatsApp and iMessage.