Recently, a security researcher revealed a severe security flaw in Facebook Messenger that allows a hacker to listen to your private Facebook voice messages sent over chat.
This Simple Hack Allows Hackers To Listen Your Facebook Voice Messages
The voice messages on services like WhatsApp or Facebook Messenger, you either love or hate surely it simplify the long conversations even if someone sometimes is abused. But the most unpleasant thing is whether, in addition to the intended recipient, someone else would listen to our audio files.
The flaw of Facebook Messenger. The audio files sent through Messenger may be subject to an MITM attack, or man in the middle. This might make it accessible to other people voice conversations sent, on private or group chat on Facebook’s instant messaging service.
The most worrying thing is that the social media, for now, has not put a stop to this problem. As explained to The Hacker News, Mohamed A. Baset, an Egyptian security researcher, a defect in your Messenger settings makes all your audio files vulnerable. Any cyber criminal can, in this way, listen to what we say to our friends.
Whenever we record a sound clip to send to our friend, the file is uploaded to the Facebook CDN server (for example, https: //z-1-cdn.fbsbx.com / …), where the same sound file, on HTTPS, it is made available for both the sender and the receiver.
Now during this process, for a lack of proper authentication and HSTS policy on Facebook’s CDN servers, any hacker can implement a man-in-the-middle attack and listen to other people’s conversations. Also, the cyber criminal will be able to move the audio files from HTTPS to HTTP and can easily download them quickly.
However, when questioned on the issue, developers of Facebook responded that it will shortly increase security in their applications which will simply prevent other users or hackers to access confidential information. The social media, however, did not give a precise date for this release so until then the advice is to avoid as much as possible to send audio files on Messenger containing confidential information, bank or sensitive data simply to avoid possible unpleasant consequences.