{"id":116199,"date":"2020-11-20T08:58:41","date_gmt":"2020-11-20T05:58:41","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/facebook-patches-a-messenger-bug-that-allowed-others-to-snoop-on-your-calls\/"},"modified":"2020-11-20T08:58:41","modified_gmt":"2020-11-20T05:58:41","slug":"facebook-patches-a-messenger-bug-that-allowed-others-to-snoop-on-your-calls","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/facebook-patches-a-messenger-bug-that-allowed-others-to-snoop-on-your-calls\/","title":{"rendered":"#Facebook patches a Messenger bug that allowed others to snoop on your calls"},"content":{"rendered":"

#Facebook<\/a> patches a Messenger bug that allowed others to snoop on your calls<\/strong>”
\n<\/p>\n

\n We often joke around that hackers or government agencies are listening to our calls. Facebook just patched a bug that would\u2019ve allowed anyone to snoop on your calls on Messenger.<\/p>\n

The bug was found by\u00a0Google Project Zero researcher\u00a0Natalie Silvanovich<\/a> last month, and it affected Messenger\u2018s Android users. To start the attack, the hacker would have to initiate a call and send a specially crafted invisible message. Then they could listen to your audio, even if you don\u2019t pick up the call.\u00a0<\/span><\/p>\n

Thankfully, this vulnerability was only exploitable in special circumstances and required specific tools. For instance,\u00a0both the attacker and the victim would need to have been logged in to Messenger for Android. In addition to that, the victim also needed to be logged into Messenger through a web browser.\u00a0<\/span>What\u2019s more, the attacker would need permission to call the victim\u00a0 \u2014 meaning, they\u2019d have to already be on the victim\u2019s friend list.<\/p>\n

Last year, App<\/a>le fixed the bug that let your contacts eavesdrop on you through FaceTime.\u00a0Silvanovich said after this exploit was found, she began to research other apps. Till now, she\u2019s managed to find bugs<\/a> in other communication apps such as Signal<\/a>, Mocha<\/a>, and JioChat; all of them have been patched.\u00a0<\/span><\/p>\n

Facebook revealed details about this bug as a part of the blog on the 10th anniversary of its bug bounty program. The company said it has paid $11.7 million to security researchers for 6,900 accepted bug reports out of more than 130,000 submitted.<\/p>\n

Last month, the social network unveiled a new loyalty program, called Hacker Plus, to further incentivize bug sleuths discovering vulnerabilities in Facebook\u2019s platforms.<\/p>\n

You can read the full technical description of the vulnerability here<\/a>.<\/p>\n<\/p><\/div>\n