Facebook Messenger Rooms Exploit Bypasses Android Screen Lock Protection

A security flaw in Facebook's Messenger Rooms video chat feature lets attackers access a victim's private Facebook photos and videos, and submit posts, from the victim's locked Android screen. Messenger Rooms, Facebook's newest video conferencing service, allows up to 50 people to video chat at the same time. You can talk for as long as you want, and you don't need a Facebook account to join a room.

Rooms calls, like Zoom calls, are not secured end-to-end. Unless you change your preferences, a room you create is open to anyone you're friends with on Facebook; they can not only join it but will also see it at the top of their News Feed. According to a proof-of-concept video supplied to Facebook with the vulnerability report, a user's Facebook account could be compromised by inviting them to a Messenger Room, then calling and answering the call from the target device before clicking on the chat function.

Although physical access to the victim's device is required, the attack could be carried out without the victim's smartphone or tablet being unlocked, earning Nepalese security researcher Samip Aryal a $3,000 bug bounty.

Aryal's newest discovery was inspired by a similar Facebook Messenger flaw he found in October 2020, in which users' private saved videos and watch history could be exposed during a Messenger call via the Watch Together function. That flaw, which could be exploited by an attacker with physical access to a locked Android smartphone, was patched along with other comparable flaws by requiring users to unlock their phones before utilizing the ..
