Hackers Can Listen to Your Private Facebook Voice Messages » KryptosTechnology

Personally, I don’t use Facebook Messenger’s voice messaging feature very often. But, there are millions of people out there who use this feature every day. It lets one communicate easily by ditching the typing effort. But, in its current state, Facebook’s voice messaging service is vulnerable.

A security researcher has uncovered a loophole in Facebook’s security that allows a hacker to listen to your private Facebook voice messages sent over chat. This is possible due to the lack of proper authentication and of an HSTS policy on Facebook’s CDN servers. While Facebook has acknowledged the bug, it’s yet to patch it. The company has also said that it’s working to roll out HSTS to its subdomains.




The audio clips that you share over the blue messaging app are prone to a simple man-in-the-middle (MITM) attack. This hack was uncovered by the Egyptian security researcher Mohamed A. Baset, The Hacker News reports.

How can hackers listen to your Facebook voice message?

Whenever a person records an audio clip and sends it to someone else, the clip is uploaded to Facebook’s CDN. From there, the file is served to the sender and the receiver. This transfer takes place over HTTPS.

Consider a scenario where an attacker who has access to your network runs a MITM attack with SSL Strip. He/she can extract the absolute links of all files being exchanged, along with the secret authentication token embedded in each URL. This allows the hackers to grab those files easily.


HSTS (HTTP Strict Transport Security) is a recent technology that improves security on the internet by forcing your browser to access a website only over an HTTPS connection. Facebook’s CDN doesn’t implement an HSTS policy, so the browser has no instruction to refuse the plain-HTTP connection that SSL Strip relies on.
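The coverage gap described above can be modelled from the browser's side. This added example (not code from the original article or from Facebook) parses Strict-Transport-Security headers following RFC 6797 and checks whether a host is protected, either by its own policy or by a parent's includeSubDomains; the example.* hostnames and header values are constructed assumptions.

```python
# Added example: RFC 6797 header parsing and subdomain coverage check.
# Hostnames and header values below are constructed, not Facebook's.

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if invalid."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # tolerate empty segments (";;")
        if name in seen:
            return None                      # repeated directive invalidates header
        seen[name] = arg.strip().strip('"')  # values may be quoted-strings
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                          # max-age is mandatory and numeric
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}

def build_store(responses):
    """responses: (host, scheme, header) tuples in the order a browser saw them."""
    store = {}
    for host, scheme, header in responses:
        # A header received over plain HTTP must be ignored: it could be forged.
        policy = parse_hsts(header) if scheme == "https" and header else None
        if policy is None:
            continue
        if policy["max_age"] == 0:
            store.pop(host, None)            # max-age=0 removes a known host
        else:
            store[host] = policy
    return store

def is_protected(host, store):
    """True if the browser would refuse plain HTTP for this host."""
    if host in store:
        return True
    labels = host.split(".")
    parents = (".".join(labels[i:]) for i in range(1, len(labels)))
    return any(store.get(p, {}).get("include_subdomains") for p in parents)

SAMPLE = [  # constructed responses
    ("www.example.com", "https", "max-age=31536000"),
    ("cdn.example.com", "https", None),                 # CDN sends no policy
    ("example.org", "https", 'max-age="63072000"; includeSubDomains'),
    ("example.net", "http", "max-age=31536000; includeSubDomains"),
]
STORE = build_store(SAMPLE)
```

Here `cdn.example.com` stays unprotected even though `www.example.com` has a policy, because that policy is on a sibling host and carries no includeSubDomains; only hosts under `example.org` inherit coverage.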




In addition, Facebook lacks proper authentication on these files. As a result, anyone who has the absolute URL can download the file.

Here’s a proof-of-concept video of the Facebook voice messages CDN hack:



The bug is still unpatched

Surprisingly, Facebook hasn’t patched this bug yet. While the company has acknowledged the bug, it didn’t offer any bug bounty. “The fact that we have not rolled it (HSTS) out on particular subdomains does not constitute a valid report under our program,” the company said.




Did you find this story on Facebook voice messaging bug interesting? Do share your views and feedback.
