Corrected a company Facebook is a security vulnerability in the Messenger platform application for Android, as this vulnerability allowed attackers to spy on users without their knowledge.
The Messenger platform application for Android has been installed on more than one billion Android devices, according to the official page of the application within the Google Play Store.
And I found out (Natalie Silvanovich) Natalie Silvanovich, a security researcher on the AMAN team Project Zero Affiliate of Google, the vulnerability.
The researcher said: The vulnerability exists in the way to implement the WebRTC protocol used by the Messenger platform application To make audio and video calls.
The problem is the SDP protocol, which is part of the WebRTC protocol, and handles the SDP protocol Session data for WebRTC connections.
Silvanovic found that the SDP message for automatic approval of WebRTC connections can be misused without user intervention.
It takes a few seconds to exploit the flaw, depending on To report Silvanovic’s mistake, however, the attacker must have permissions – that is, be among the user’s friends on Facebook – to contact the person on the other end.
A Google researcher reported the problem to Facebook last month, and the social media giant corrected it with a server-side update to Messenger.
In a message on Twitter, Silvanovic said: Facebook gave her $ 60,000 as a reward for reporting the problem.
And theShe said Facebook, which has also made a $ 60,000 donation of its own to GiveWell: The Silvanovic Prize is one of our top three awards we’ve ever had. $ 60K, reflecting the maximum potential impact.
And in previous years, Silvanovic had also found and reported similar issues with other instant messaging apps, which is one of her areas of expertise.
In October 2018, it discovered a bug in the WhatsApp app for Android and iOS that would allow attackers to take control of the app after the user responded to a video call.
In July 2019, the researcher found four non-interactive errors in the iMessage app, and in the same month, she discovered a fifth iMessage bug that could have been used to sabotage iPhones.
– Natalie Silvanovich (@natashenka) November 19, 2020