Saturday December 7, 2019
Home Lead Story FB, Instagram...

FB, Instagram on Google Play Store Vulnerable: Check Point

The revelations come amid a snooping controversy that hit WhatsApp after Israeli spyware Pegasus exploited vulnerability in the messaging platform, affecting 1,400 select users globally, including over 100 in India

0
//
facebook, instagram
Facebook, Messenger and Instagram apps are displayed on an iPhone, March 13, 2019, in New York. VOA

Check Point Research on Thursday said it found the latest versions of some of the most famous apps in the world on Google’s Play Store, including Facebook and Instagram, to have vulnerabilities that were believed to have been patched earlier.

The research shows that threat actors can still execute code on the latest versions of mobile applications on Play Store, despite the updates those mobile apps have pushed to people.

In short, threat actors can gain administrative control over the mobile applications studied by Check Point Research.

Theoretically, hackers can steal and alter posts on Facebook, extract location data from Instagram and read SMS messages in WeChat, said the research.

In a month-long study, Check Point Research cross-examined the latest versions of these high-profile mobile for three known remote control execution (RCE) vulnerabilities dating from 2014, 2015 and 2016.

Each vulnerability was assigned two signatures. Then, Check Point Research ran its static engine to examine hundreds of mobile applications in Google’s Play Store to see if old, vulnerable code was present in the latest version of the application.

facebook, WhatsApp, stories, feature
An iPhone displays the app for Facebook in New Orleans, Aug. 11, 2019. VOA

Check Point Research found vulnerable code, which was claimed to patched, present in the latest versions of popular mobile application.

For now, Check Point urges people to install an antivirus-app that monitors vulnerable apps on the phone.

“Mobile app stores and security researchers do proactively scan apps for malware patterns, but devote less attention to long-known critical vulnerabilities. Unfortunately, this means there’s not much the end user can do to keep his mobile device fully secure,” said the research.

Also Read: Google Announces to Pay $1 Million for Finding Bugs in Pixel Phones

Check Point Research said it informed the applications as well as Google about the vulnerabilities.

The revelations come amid a snooping controversy that hit WhatsApp after Israeli spyware Pegasus exploited vulnerability in the messaging platform, affecting 1,400 select users globally, including over 100 in India. (IANS)

Next Story

Social Media Giant Facebook Sues Chinese Company Over Alleged ad Fraud

According to a report in CNET, Facebook said it has paid more than $4 million in reimbursements to victims of these hacks

0
facebook, WhatsApp, stories, feature
An iPhone displays the app for Facebook in New Orleans, Aug. 11, 2019. VOA

Facebook has sued a Chinese company for allegedly tricking people into installing a malware, compromising peoples accounts and then using them to run deceptive ads.

Facebook blamed ILikeAd Media International Company Ltd. and two individuals associated with the company — Chen Xiao Cong and Huang Tao – for the fraud.

The defendants deceived people into installing malware available on the Internet. This malware then enabled the defendants to compromise people’s Facebook accounts and run deceptive ads promoting items such as counterfeit goods and diet pills, the social media giant said in a blog post.

The defendants sometimes used images of celebrities in their ads to entice people to click on them, a practice known as “celeb bait”, according to the lawsuit filed on Wednesday.

In some instances, the defendants also engaged in a practice known as cloaking, Facebook said.

Social Media, Facebook, Authenticity, Posts
The social media application, Facebook is displayed on Apple’s App Store, July 30, 2019. VOA

“Through cloaking, the defendants deliberately disguised the true destination of the link in the ad by displaying one version of an ad’s landing page to Facebook’s systems and a different version to Facebook users,” said Facebook’s Jessica Romero, Director of Platform Enforcement and Litigation and Rob Leathern, Director of Product Management, Business Integrity.

Cloaking schemes are often sophisticated and well organised, making the individuals and organisations behind them difficult to identify and hold accountable.

Also Read: New Account of Twitter named @TwitterRetweets to Highlight Best Tweets

As a result, there have not been many legal actions of this kind.

“In this case, we have refunded victims whose accounts were used to run unauthorised ads and helped them to secure their accounts,” they wrote.

According to a report in CNET, Facebook said it has paid more than $4 million in reimbursements to victims of these hacks. (IANS)