Facebook and Messenger are one of the most used social media sites to date. Usually, the site asks for some of the users' personal information. Now, a security research group discovered that the messaging app can be hacked.
According to Imperva which is a security research group, the Messenger can also be penetrated by hackers. Almost a year ago, like what happened to Facebook, the experts said that any website that is exposed to who the consumer has been messaging with are vulnerable to the security breached. Thus, the bug was disclosed to Facebook in May and finally was patched, according to The Verge.
The hackers could target the web browser of a Facebook user. They can exploit iframe elements to see which of the user's friends had talked to and which are not in the user's contact list. But Imperva confirmed that the hackers could not gain any other data after the attack.
Thus, just like the vulnerability in Facebook that has been reported last November, the Messenger would have also been exposed if the users have visited a malicious site using Chrome, and clicked on the site while they are still logged in the social media site. In this case, the hackers have a chance to access and run any queries on a new tab and gather the personal data.
As follows, the site noted that users need to visit a malicious site while logged into Facebook for them to be vulnerable. After Imperva disclosed the issue to Facebook the company tried to issue a fix by randomizing the iframe elements, an HTML element that is vital to the vulnerability. Thus, Imperva gives emphasis that a hacker could still penetrate, as they can still design an algorithm that would continue to expose private messages. Hence, the site removed iframes from its messaging app entirely.
Ron Masa, Israel-based Imperva researchers wrote that "Browser-based side-channel attacks are still an overlooked subject. While big players like Facebook and Google are catching up, most of the industry is still unaware." He pointed out that the technique was not common yet, it could increase in popularity throughout this year, according to BrinkWire.
The report regarding the recent vulnerability surfaces after Facebook CEO Mark Zuckerberg announced the plan to merge Instagram, Messenger, and WhatsApp into a service that would incorporate its products through a single backend. This move will be a position to pivot a "privacy-focused communications platform.
