Facebook would have been facing a major security bug issue for its Messenger calls if it were not for Google's Project Zero bug team that discovers the application's weakness. Google's team was able to detect a bug that lets hackers listen to a call before it even takes place, with users not able to detect that people are already listening.
YONKERS, NY - APRIL 06: (EDITORIAL USE ONLY) Empress EMS dispatchers Adrian Monroe and Brigitte Fowler track active calls on April 06, 2020 in Yonkers, New York. Empress EMS paramedics and EMTs treat and transport patients to hospitals throughout Westchester County and parts of New York City, the epicenter of the coronavirus pandemic in the United States. (Photo by John Moore/Getty Images)
The Californian social media conglomerate, Facebook, could have faced a major security threat that directs its focus to Messenger call users and goes undetected for a long time because of a security bug that was hidden. Hackers can manipulate that bug as the means to listen to calls despite users not answering as long as it keeps on ringing.
Facebook's Bug Bounty Program: Google Bug Team Discovers Messenger Security Issue
PARIS, FRANCE - SEPTEMBER 30: Fans use their mobile phones to take photos during singles matches of the 2018 Ryder Cup at Le Golf National on September 30, 2018 in Paris, France. (Photo by Ross Kinnaird/Getty Images)
According to Wired, Facebook's "bug bounty program" is a huge help regarding the security issues, which invites people to look into the company's applications and security. The teams that are joining the program dedicates themselves to looking at the structure and interface for any known or hidden bugs that could compromise user safety.
Google's Project Zero bug team recently discovered a Facebook Messenger bug for Android devices where hackers can listen to calls despite being on the ringing process only. Natalie Silvanovich discovers the hidden bug under Google's Project Zero bug-hunting team, which immediately gave notice to Facebook.
The Google team received a massive sum of $60,000 for the discovery and effort to find a bug that may go undetected for a long time. Hackers who know how to exploit this can send an invisible message and make a call to the target person and listen to background noise from the other end despite users not answering the call.
The invisible message contains the means and ways for the hacker to listen to the other end, manipulating the bug to be the gate that enables such horrendous crimes. Additionally, the recently discovered bug resembles Apple's FaceTime bug issues that surfaced on group calls.
According to Project Zero bug-hunting team's Natalia Silvanovich, the similar bug that appeared on FaceTime's interface in the past year made way for the current discovery that hid on Facebook Messenger. Silvanovich got inspiration and started to look for similar occurrences on other video conferencing applications.
The bug would only work if the user and hacker are Facebook friends or connected via Messenger that was authorized by the account owner. However, users that have many friends and accept requests from anyone might stumble upon hackers that pose as legitimate Facebook accounts. This bug would be a problem for users that have a long list of Facebook friends, which makes it difficult to track.
Facebook's Bug Bounty Program: Celebrating 10 Years Now
Facebook Messenger Rolled Out a New Security Update: You Can Now Lock Your Chats Behind Face IDScreenshot from Twitter post of @alexvoica
Facebook's Bug Bounty Program is now celebrating its 10th anniversary, which initially started on November 19, 2010. This is the social media company's way of involving the community and making the platform safe via third-party reports.
This program opens up various parties that partake in making social media more secure by reporting the vulnerabilities. Google's Project Zero bug-hunting team took part in the bounty program that led to the discovery of the Messenger for Android bug.
