Facebook has had its fair share of privacy scares, and now the company has patched a bug in Messenger that apparently allowed anyone to listen in on your calls.
The bug, found by Natalie Silvanovich, a security researcher at Google’s Project Zero, only affected the Android version of Facebook Messenger. While the bug itself does sound scary, you probably weren’t attacked with it, because it needs a specific set of circumstances to actually be exploited. For example, both the attacker and the victim would need to have Messenger for Android, and the victim would also need to be logged in to Messenger via a web browser. Moreover, since the attacker needs to call the victim, they would already have to be in the victim’s friends list before this exploit would work.
Still, if all these circumstances were met, the attacker could simply call the victim and send a special message. Messenger would then allow the attacker to listen in on the victim’s audio even if the call wasn’t picked up.
This bug probably reminds you of the infamous FaceTime bug that allowed people to eavesdrop on their contacts via FaceTime on Apple devices. That bug is apparently what inspired Silvanovich to research similar vulnerabilities in other popular messaging and calling apps. She has also found bugs in Signal and JioChat, both of which have been patched.
If you are interested in this Messenger bug, you can read all about it, including steps to reproduce the attack, on the Project Zero page.