Story image

Facebook Messenger hack exposed: Expert insights and advice

14 Jun 16

A recently discovered vulnerability in Facebook Messenger could have had monumental consequences.

Check Point Software Technologies discovered the flaw, which would have allowed an attacker to modify or remove any sent message, photo, file or link. Fortunately, the breach was disclosed immediately to Facebook‘s security team, and the backdoor was patched up in short time.

In a blog post, Check Point head of products vulnerability research Oded Vanunu notes that by exploiting this backdoor, cybercriminals could change a whole chat thread without the victim realising.

“What’s worse, the hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations,” he says. “We applaud Facebook for such a rapid response and putting security first for their users.”

What can you do?

Dan Slattery, senior information security analyst at global cyber-security firm, Webroot, says that while the actual flaw within Facebook’s system has not been yet fully determined, there are a number of actions that individuals can take to protect themselves on the social network.

“With Facebook’s significance continuing to grow, it is becoming more and more important for users to turn on and regularly check their security measures,” Slattery says. “Here are four steps users can take to help protect themselves from hacking threats:

1. Have a unique, strong password that is not used anywhere else

2. Turn on Two Factor Authentication. Facebook calls this ‘Login Approvals’ and can be turned on in SETTINGS > SECURITY > LOGIN APPROVALS.

3. Manage active logged in sessions (Settings > Security > “Where You’re Logged In”) If you see anything you don’t recognise you can end that session, or you can wipe everything but your current session by clicking on “End All Activity” – You would then need to log back in everywhere you use Facebook.

4. Clear out any Apps that you have given permissions to your account that you no longer use. The complete list can be found in Settings > Apps.”

It is clear that in today’s increasingly digital (and increasingly dangerous) world, it is becoming more and more important for individuals and businesses to be proactive and take the initiative when it comes to their cyber security.

Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.