The vulnerability existed in the Facebook Messenger Rooms video chat feature and exposed Android smartphone users to intrusion.
Nepalese security researcher Samip Aryal has identified a security vulnerability in the Facebook Messenger Rooms video chat feature that lets attackers access any user’s private Facebook photos and videos or submit posts on their behalf.
Astonishingly, this feat can be accomplished without unlocking Android phone, although physical access to the mobile phone or tablet will be necessary.
Arypal received a $3,000 bug bounty for identifying this vulnerability. This Facebook Messenger bug is quite similar to the vulnerability discovered in October 2020 that attackers could use to expose a user’s private/stored videos and view history through the Watch Together feature enabled during a Messenger call.
About the Vulnerability
A proof-of-concept video was submitted to Facebook along with the vulnerability report. It demonstrated how it is possible to compromise a user’s Facebook account by sending an invite to a Messenger Room, making a call, and answering the call from the target device prior to clicking on the chat function. This bug was patched at that time.
Aryal applied a similar hacking technique to the Messenger Rooms ‘room call’ feature and found out that the chat feature can be activated during a call without physic ..
Support the originator by clicking the read the rest link below.
