How to hack a Facebook account? It is probably the biggest “n00b” question you will see on the Internet.
The solution for this query is hard to find — but recently researchers have shown that how you can modify or alter your messages once you have pressed the SEND button in Facebook Messenger.
Here’s How the Exploit Works:
The exploit works on the way Facebook assigns identities to chat messages. Each chat message has a unique “message_id” identifier that could be revealed by sending a request to http://www.facebook.com/ajax/mercury/thread_info.php.
Once message_id is identified, an attacker could alter its respective message content and send it back to Facebook servers which accept the new content as legitimate and push it back to the victim’s PC or mobile device.
“By exploiting this vulnerability, cyber criminals could change a whole chat thread without the victim realizing,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point.
“What’s worse. The hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations. We applaud Facebook for such a rapid response and putting security first for their users.”
Researchers discovered the vulnerability earlier this month and notified Facebook about the flaw.
The social networking giant promptly moved to fix the vulnerability, though Facebook explained that the flaw only affected its Messenger app on Android.
“Based on our investigation, this simple misconfiguration in the Messenger app on Android turned out to be a low-risk issue, and it’s already been fixed,” Facebook wrote in its blog post published Tuesday.
Additionally, Facebook claims the vulnerability could not be exploited to infect its users’ PCs with malicious software, as the company is using anti-spam and anti-virus filters to detect malware and spams.