Story image

Facebook Messenger hack exposed: Expert insights and advice

14 Jun 2016

A recently discovered vulnerability in Facebook Messenger could have had monumental consequences.

Check Point Software Technologies discovered the flaw, which would have allowed an attacker to modify or remove any sent message, photo, file or link. Fortunately, the breach was disclosed immediately to Facebook‘s security team, and the backdoor was patched up in short time.

In a blog post, Check Point head of products vulnerability research Oded Vanunu notes that by exploiting this backdoor, cybercriminals could change a whole chat thread without the victim realising.

“What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” he says. “We applaud Facebook for such a rapid response and putting security first for their users.”

What can you do?

Dan Slattery, senior information security analyst at global cyber-security firm, Webroot, says that while the actual flaw within Facebook’s system has not been yet fully determined, there are a number of actions that individuals can take to protect themselves on the social network.

“With Facebook’s significance continuing to grow, it is becoming more and more important for users to turn on and regularly check their security measures,” Slattery says. “Here are four steps users can take to help protect themselves from hacking threats:

1. Have a unique, strong password that is not used anywhere else

2. Turn on Two Factor Authentication. Facebook calls this ‘Login Approvals’ and can be turned on in SETTINGS > SECURITY > LOGIN APPROVALS.

3. Manage active logged in sessions (Settings > Security > “Where You’re Logged In”) If you see anything you don’t recognise you can end that session, or you can wipe everything but your current session by clicking on “End All Activity” – You would then need to log back in everywhere you use Facebook.

4. Clear out any Apps that you have given permissions to your account that you no longer use. The complete list can be found in Settings > Apps.”

It is clear that in today’s increasingly digital (and increasingly dangerous) world, it is becoming more and more important for individuals and businesses to be proactive and take the initiative when it comes to their cyber security.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.