A recently discovered vulnerability in Facebook Messenger could have had monumental consequences.
Check Point Software Technologies discovered the flaw, which would have allowed an attacker to modify or remove any sent message, photo, file or link. Fortunately, the breach was disclosed immediately to Facebook‘s security team, and the backdoor was patched up in short time.
In a blog post, Check Point head of products vulnerability research Oded Vanunu notes that by exploiting this backdoor, cybercriminals could change a whole chat thread without the victim realising.
“What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” he says. “We applaud Facebook for such a rapid response and putting security first for their users.”
What can you do?
Dan Slattery, senior information security analyst at global cyber-security firm, Webroot, says that while the actual flaw within Facebook’s system has not been yet fully determined, there are a number of actions that individuals can take to protect themselves on the social network.
“With Facebook’s significance continuing to grow, it is becoming more and more important for users to turn on and regularly check their security measures,” Slattery says. “Here are four steps users can take to help protect themselves from hacking threats:
1. Have a unique, strong password that is not used anywhere else
2. Turn on Two Factor Authentication. Facebook calls this ‘Login Approvals’ and can be turned on in SETTINGS > SECURITY > LOGIN APPROVALS.
3. Manage active logged in sessions (Settings > Security > “Where You’re Logged In”) If you see anything you don’t recognise you can end that session, or you can wipe everything but your current session by clicking on “End All Activity” – You would then need to log back in everywhere you use Facebook.
4. Clear out any Apps that you have given permissions to your account that you no longer use. The complete list can be found in Settings > Apps.”
It is clear that in today’s increasingly digital (and increasingly dangerous) world, it is becoming more and more important for individuals and businesses to be proactive and take the initiative when it comes to their cyber security.