Hackers Listen to Your Facebook Voice Messages Sent Over Chat

Most people hate typing long messages in chat apps, so the voice recording feature in WhatsApp and Facebook Messenger is a welcome shortcut: it lets users send long messages that would otherwise take a lot of typing.

If you too are in the habit of sending audio clips instead of typing long messages to your friends over Facebook Messenger, you are susceptible to a simple man-in-the-middle (MITM) attack that could leak your private audio clips to an attacker.

What's more worrisome is that the social media giant has still not patched the issue.


Egyptian security researcher Mohamed A. Baset has reported a flaw in Facebook Messenger's audio clip recording feature that could allegedly allow a man-in-the-middle attacker to grab your audio clip files from Facebook's server and listen to your personal voice messages.

Let's understand how this new attack works.


[Image: Facebook Voice Messages]

Here's How Attackers can Listen to your Personal Audio Clips:

Whenever you record an audio clip (voice message) to send to a friend, the clip is uploaded to Facebook's CDN server (i.e., https://z-1-cdn.fbsbx.com/...), which then serves the same audio file, over HTTPS, to both the sender and the receiver.

Now, an attacker sitting on your network and running an SSL Strip MITM attack can extract the absolute links (including the secret authentication token embedded in the URL) to all audio files exchanged between sender and receiver during that process.

The attacker then downgrades those absolute links from HTTPS to HTTP, which lets them directly download the audio files without any authentication.

That's it.


You might be wondering how hackers are able to download your audio files so easily.


What went Wrong?

This is because Facebook's CDN server does not set an HTTP Strict Transport Security (HSTS) policy, which forces browsers and other user agents to communicate with the server only over HTTPS and thereby protects websites against protocol downgrade attacks.
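To make the HSTS point concrete, here is an added example (not code from the article, from Facebook, or from the researcher): a parser for the Strict-Transport-Security header, a checker that reports a missing or weak policy in a set of response headers, and a miniature model of the browser-side known-HSTS-host cache from RFC 6797, which shows why a host that never sends the header stays downgradable while one that does gets its plain-HTTP links rewritten before any request leaves the browser. The host names, header values and the `hsts_findings`/`HstsCache` names are all constructed for this example.

```python
"""HSTS policy check plus a miniature model of a browser's HSTS host cache.

Added example, not code from the article or from Facebook. All host names and
response headers below are constructed for illustration.
"""
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value; None if max-age is missing or invalid."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                policy["max_age"] = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


def _hsts_value(headers):
    """Case-insensitive lookup of the HSTS header in a response header dict."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            return value
    return None


def hsts_findings(headers, min_max_age=31536000):
    """Audit one HTTPS response's headers; an empty list means the policy looks sound."""
    value = _hsts_value(headers)
    if value is None:
        return ["no Strict-Transport-Security header: links can be downgraded to HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["malformed HSTS header (missing or invalid max-age): user agents ignore it"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 clears the policy instead of enforcing it")
    elif policy["max_age"] < min_max_age:
        findings.append(f"max-age {policy['max_age']} is below the recommended {min_max_age}")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains absent: sibling hosts under the domain are not covered")
    return findings


class HstsCache:
    """Minimal model of a user agent's known-HSTS-host store (RFC 6797 sections 8.1-8.3)."""

    def __init__(self, now=time.time):
        self._now = now
        self._hosts = {}  # host -> (expiry timestamp, include_subdomains)

    def observe(self, url, headers):
        """Learn a policy from a response, but only when it arrived over HTTPS."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return  # a header seen over plain HTTP must be ignored
        value = _hsts_value(headers)
        if value is None:
            return
        policy = parse_hsts(value)
        if policy is None:
            return
        if policy["max_age"] == 0:
            self._hosts.pop(parts.hostname, None)  # max-age=0 removes the host
        else:
            expiry = self._now() + policy["max_age"]
            self._hosts[parts.hostname] = (expiry, policy["include_subdomains"])

    def is_known(self, host):
        """True if host, or a parent domain with includeSubDomains, has an unexpired policy."""
        now = self._now()
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, url):
        """Rewrite http:// to https:// for known hosts; everything else passes through untouched."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname):
            return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url
```

The cache only ever learns from HTTPS responses, so an attacker on the path cannot plant or clear a policy; the flip side is that a host which never sends the header is never added, and a stripped http:// link to it is fetched exactly as written.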

Secondly, there is a lack of proper authentication: if a file has been shared between two Facebook users, nobody but those two should be able to access it, not even someone who holds the absolute URL to the file, secret token included.

As an example, Mohamed sent an audio clip to one of his friends over Facebook Messenger, and here's the absolute link to the audio file extracted using the MITM attack, which anyone, even you, can download from Facebook's server without any authentication.


"GET requests are something that browsers can remember in their cache and also in their history. Better to have these files played via POST requests with an anti-CSRF token implemented," Mohamed said.
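For the second point (the link's secret token being the only check) and Mohamed's remark about caching and POST, here is an added example of the server-side decision a hardened media endpoint would make. It is a small model written for this article, not Facebook's code: the capability-only check is shown beside one that requires TLS, an authenticated session belonging to one of the conversation's participants, the link token, and, on POST, a matching anti-CSRF token, and that marks the granted response as non-cacheable. The `Attachment`, `Session` and `Request` types, the token values and the user names are all constructed.

```python
"""Authorization for a shared voice clip: the capability-only check the article
describes, beside a hardened check. Added example; not Facebook's code. All
identifiers, tokens and user names are constructed."""
import hmac
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class Attachment:
    attachment_id: str
    url_token: str                 # secret embedded in the absolute link
    participants: FrozenSet[str]   # user ids of sender and receiver


@dataclass(frozen=True)
class Session:
    user_id: str
    csrf_token: str                # per-session anti-CSRF secret


@dataclass(frozen=True)
class Request:
    scheme: str                    # "http" or "https"
    method: str
    attachment_id: str
    url_token: Optional[str] = None
    session_id: Optional[str] = None   # from a Secure, HttpOnly cookie
    csrf_token: Optional[str] = None   # from a form field or header, POST only


# Constructed sample data: alice sent clip-001 to bob; mallory is an unrelated user.
ATTACHMENTS: Dict[str, Attachment] = {
    "clip-001": Attachment("clip-001", "CONSTRUCTED-URL-TOKEN", frozenset({"alice", "bob"})),
}
SESSIONS: Dict[str, Session] = {
    "sess-bob": Session("bob", "CONSTRUCTED-CSRF-BOB"),
    "sess-mallory": Session("mallory", "CONSTRUCTED-CSRF-MALLORY"),
}


def authorize_weak(req: Request, attachments=ATTACHMENTS) -> bool:
    """Capability-only: anyone holding the link gets the file, over any scheme."""
    att = attachments.get(req.attachment_id)
    return att is not None and req.url_token == att.url_token


def authorize_hardened(req: Request, attachments=ATTACHMENTS, sessions=SESSIONS) -> bool:
    """Require TLS, a participant's session, the link token, and anti-CSRF on POST."""
    if req.scheme != "https":
        return False                     # private media is never served over plaintext
    att = attachments.get(req.attachment_id)
    session = sessions.get(req.session_id) if req.session_id else None
    if att is None or session is None:
        return False
    if not hmac.compare_digest(req.url_token or "", att.url_token):
        return False                     # the token is still required ...
    if session.user_id not in att.participants:
        return False                     # ... but holding it is not proof of entitlement
    if req.method == "POST":
        return bool(req.csrf_token) and hmac.compare_digest(req.csrf_token, session.csrf_token)
    return req.method == "GET"


def response_headers(req: Request) -> Dict[str, str]:
    """Headers for a granted response: no caching, and HSTS (meaningful only over TLS)."""
    headers = {"Cache-Control": "no-store, private"}
    if req.scheme == "https":
        headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"
    return headers
```

With these rules a leaked link is worthless on its own: the downgraded http:// fetch is refused outright, and an https:// fetch by anyone who is not alice or bob fails the participant check even with the correct token. The `Cache-Control: no-store` header addresses the browser-history and cache concern from the quote regardless of whether GET or POST is used.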
