Paul Walsh
3 min readJun 10, 2016

A vulnerability just found in Facebook Messenger would allow an attacker to change a conversation thread in both the Facebook Online Chat & Messenger App.

This means an attacker can hijack the communications, modifying or removing any sent message, photo, file, link and much more.

Check Point, which discovered the flaw, pointed out that given the fact that users rely on Facebook for personal and business-related communications, this kind of malicious power could have long-ranging consequences.

The Facebook Messenger service allowed malicious users to use the vulnerability for malware distribution. An attacker can change a legitimate link or file into a malicious one, and easily persuade the user to open it. The attacker can use this method later on to update the link to contain the latest C&C address, and keep the phishing scheme up to date.

At MetaCert we have predicted that phishing and other malicious link attacks will migrate from email to messenger services for two reasons; firstly because people are reducing their reliance on email in favor of messenger services, so it’s quite obvious that cybercriminals will do the same.

Secondly because not a single messenger service has any built-in security against malicious links like corporate email. And companies that rely on network-based security are left with a false sense of security because most of their staff are probably accessing these services using the mobile app — either using their own wifi or the cell network. During this time, users are left exposed with zero security to keep them and their corporate data safe.

Cybercriminals are likely to change their tactics when they realize that these services and their enterprise customers lack the link security that their email systems offer.

There is a fix

Companies that installed MetaCert’s Security Integrations for Messenger services HipChat and Slack, are protected while opening web links — no matter where they are located or what device they use.

When a team member posts a link to a channel in Slack or a room on HipChat, the integration checks MetaCert’s Treat Intelligence system to see if it’s dangerous or not. If a link has been labeled as ‘Malware and Phishing’, an alert is sent to the channel/room so users can proceed with caution or avoid opening the link.

Almost all of our customers sign up for the same link protection for ‘Pornography” — most probably because they must comply with content compliance policies. Or because they want to reduce the risk of users installing or spreading malware, spyware and other malicious code which can lead to major data breaches.

When using the HipChat Security Integration users can report suspicious links by clicking on a “Report URL” button that is permanently on the side of all chat rooms. Suspicious links that are flagged, are immediately added to that customer’s cloud-based blacklist to ensure alerts are sent to a room any time the link is shared in the future.

Check out the MetaCert Security Integration with a built-in Security Bot for Slack here.

You can also check out the HipChat Security Integration with built-in anti-spear phishing protection, here.

Both of these security services take less than 30 seconds to install and configure.

Paul Walsh

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.