Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>A flaw on facebook allowing Hackers to listen to audio chats

A flaw on facebook allowing Hackers to listen to audio chats


A security expert has discovered a flaw in the Facebook Messenger audio clip recording feature that could allow a man-in-the-middle attack in order to capture audio clip files and listen to a user personal voice messages. 
 
Whenever facebook users record an audio clip to send it to their friend, the clip gets uploaded onto the Facebook’s CDN server from where it serves the same audio file, over HTTPS, to both the sender and the receiver. Now any attacker who shares the same network segment running MITM attack with SSL Strip will be able to extract absolute links, including secret authentication token embedded in the URL, to all audio files exchanged between the sender and receiver during that process. The attacker can modify the absolute links from HTTPS to HTTP to download these audio files without authentication.
It can be noted that facebook has not yet patched   the vulnerability.
Source:
Hacker News
 
Security Affairs
 
 
OSINT
 
 
Contact Information
E-mail:
contact@cert.ncb.mu
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis