After researchers at Check Point recently discovered a security vulnerability that allowed hackers to alter messages and links sent through Facebook Messenger, the social media giant immediately patched the flaw. But a recent exposé, published on Medium, revealed that links sent privately through the Messenger system can be read by anyone.
After Inti De Ceukelaire, a reporter/researcher from Medium, contacted Facebook to highlight the security issue, the company replied by saying that this was “intentional behavior” and suggested there would be no attempts to address the vulnerability.
Researchers discovered that Facebook Crawler, the official developer’s application, could be exploited to see which links had been sent through the private messaging application. The Facebook Crawler works by assigning website links and attachments an identification number and then storing this information.
Once a link is shared and assigned a number, information about the link is then accessible to anyone simply by searching for the identification number. All objects stored on Facebook, whether it’s a picture, a status, or a link, are given a unique, non-chronological identification number.
De Ceukelaire discovered that with the proper identification number, it was possible to access information about links privately shared through Facebook Messenger.
According to the report by Medium:
While you may only share links to funny cat videos with your friends, you should still be worried about this exploit. Sometimes, sensitive information (personal data, secret keys, …) is included in links without you even noticing…
In this small set of extracted URLs, I’ve already found some interesting info:
• Names: Heather, Jenny, Paula, Yollanda, Bernardo, …
• Location or language.
• Attachments or pictures from the FB CDN: Direct link that sometimes allows access bypassing privacy restrictions.
• Application or game data: Some parameters are friend_level, friend_chips, user_name, group, steal_amount, …
• Secret links or hidden keys: Such as the editable Google Drive links or links to hidden pages, websites, and beta environments.
…and these aren’t mutually exclusive; some URLs include multiple parameter types listed above in one single link, thereby allowing a total stranger to gain personal information about you. Hello NSA?
While this technique is generally inefficient, as it can’t be used to identify specific links shared by individual users – and would require mass inputting of identification codes to find information – this flaw could easily be utilized by state actors, operating in a methodical manner, to target individual users.
The fact that Facebook allows this type of security flaw to remain unpatched reveals a clear lack of investment in its users’ informational security, a continuing and ongoing problem with the social media platform.
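Because a shared link may end up readable by people outside the conversation, it helps to check what a URL carries before sending it. The following is an added example, not code from the report or from Facebook: it flags the kinds of data the report lists (names, game parameters, secret keys, editable document links) and redacts the flagged query values. The parameter lists, thresholds and function names are assumptions chosen for illustration.

```python
import math
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names below are illustrative assumptions; the game parameters
# are the ones quoted in the report.
PERSONAL = {"user_name", "username", "name", "email", "locale", "lang"}
APP_DATA = {"friend_level", "friend_chips", "group", "steal_amount"}
SECRET = re.compile(r"key|token|secret|sig|auth|password", re.I)
EDITABLE_HOSTS = {"docs.google.com", "drive.google.com"}


def entropy(value):
    """Shannon entropy of a string, in bits per character."""
    if not value:
        return 0.0
    counts = (value.count(ch) for ch in set(value))
    return -sum(c / len(value) * math.log2(c / len(value)) for c in counts)


def audit_url(url):
    """Return (category, item) findings for data a URL would expose."""
    parts = urlsplit(url)
    findings = []
    if parts.hostname in EDITABLE_HOSTS and "/edit" in parts.path:
        findings.append(("capability_link", parts.path))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = name.lower()
        if SECRET.search(key):
            findings.append(("secret", name))
        elif key in PERSONAL:
            findings.append(("personal", name))
        elif key in APP_DATA:
            findings.append(("app_data", name))
        elif len(value) >= 20 and entropy(value) > 3.5:
            findings.append(("opaque_value", name))  # long random-looking value
    return findings


def redact(url):
    """Replace the value of every flagged query parameter."""
    flagged = {item for cat, item in audit_url(url) if cat != "capability_link"}
    parts = urlsplit(url)
    query = [(n, "REDACTED" if n in flagged else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


# Constructed sample link, not taken from the report.
SAMPLE = "https://game.example/play?user_name=Heather&friend_chips=1200&access_token=abc123"
```

An editable document link is reported as a `capability_link` but cannot be redacted, since the path itself grants access; the safer choice is to share a view-only link instead.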