It’s easy to make jokes about government agencies using webcams to spy on people, but when it really happens, everyone’s up-in-arms. Even worse, it’s not the government spying on you — it’s the big tech corps we trust with all our personal information. On that note — Facebook just patched a bug that allowed people to snoop on other users through Messenger calls.
Even though we don’t know many people who actually use Messenger to call people, apparently there are people who do (you maniacs). Facebook picked up a bug that allowed anyone to access calls through its messaging app. According to Engadget, the bug was found by Natalie Silvanovich, a Google Project Zero researcher a month before. Which means that Messenger users were susceptible for about a month.
Facebook bug fiasco
This is how it worked: A hacker would need to initiate a call with the hackee (you don’t even have to answer the call, however), after which they’ll send a specially developed invisible message. If this is successful, they’d have backdoor access to all your audio.
It would also need to happen under very specific circumstances — like that both the attacker and the victim would need to have been logged in to Messenger on an Android device. The victim would also have to be logged into Messenger on a web browser — something most people do already.
But the biggest snag is the fact that the attacker would need to have permission to call the person — which means they’d need to be on your friend list. This just reiterates a sentiment that you shouldn’t allow rando’s on your friend’s list.
“Facebook revealed details about this bug as a part of the blog on the 10th anniversary of its bug bounty program. The company said it has paid $11.7 million to security researchers for 6,900 accepted bug reports out of more than 130,000 submitted,” according to TNW. Luckily, Facebook’s squashed that bug, and we hope the infestation stays at bay. But as software goes, a new bug is always imminent.