Ysrael Gurt, a security researcher at BugSec and Cynet, has discovered a critical vulnerability in Facebook Messenger that could allow an attacker to read all your private conversations, affecting the privacy of around 1 billion Messenger users.
Gurt has found a security vulnerability on Facebook, which also potentially affects millions of websites using origin null restriction checks, threatening user privacy and opening site visitors up to malicious entities.
The hack, dubbed “Originull,” enables an attacker to access and view all of a user’s private chats, photos and other attachments sent via Facebook Messenger.
The root cause of this vulnerability was a misconfigured cross-origin header implementation on Facebook’s chat server domain, which allowed an attacker to bypass origin checks and access Facebook messages from an external website.
Normally, the browser protects Messenger users from such occurrences by only allowing Facebook pages to access this information. However, Facebook opens a “bridge,” in order to enable “subsites” of Facebook.com to access Messenger information.
A vulnerability in the manner in which Facebook manages the identity of these subsites makes it possible for a malicious website to access private Messenger chats, as Ysrael Gurt described in his post.
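For site owners checking their own cross-origin configuration, the following added example (not Facebook's code and not taken from Gurt's report) contrasts an origin check that trusts the literal `null` origin with a strict allowlist, and audits both against a set of probe origins. The hostnames, function names and sample origins are constructed for illustration.

```javascript
// Added illustration of the misconfiguration class; all names are assumptions.
const ALLOWED_ORIGINS = new Set([
  "https://www.example.com",
  "https://chat.example.com",
]);

// Weak policy: besides the allowlist, it treats the literal "null" origin
// as trusted and echoes it back with credentials enabled.
function weakCorsHeaders(origin) {
  if (typeof origin !== "string") return {};
  if (origin === "null" || ALLOWED_ORIGINS.has(origin)) {
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Hardened policy: exact match against the allowlist only. "null" is never
// trusted, and Vary: Origin keeps caches from reusing a per-origin response.
function strictCorsHeaders(origin) {
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Audit helper: which probe origins would receive credentialed access?
function auditPolicy(policy, candidates) {
  return candidates.filter(
    (o) => policy(o)["Access-Control-Allow-Credentials"] === "true"
  );
}

// Constructed probe set: one legitimate subsite, the "null" origin,
// and an unrelated site.
const SAMPLE_ORIGINS = ["https://www.example.com", "null", "https://other.test"];

console.log("weak policy grants:  ", auditPolicy(weakCorsHeaders, SAMPLE_ORIGINS));
console.log("strict policy grants:", auditPolicy(strictCorsHeaders, SAMPLE_ORIGINS));
```

Any origin other than an exact allowlist entry appearing in the audit output indicates a policy that needs tightening.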
Gurt has also released a proof-of-concept video demonstration of the Originull vulnerability, which shows the cross-origin bypass-attack in action.
The researcher disclosed the severe vulnerability to Facebook through its Bug Bounty program. The Facebook security team acknowledged the issue and patched the vulnerable component.
To read the complete findings, download the Facebook Originull Privacy Hack Report.