Facebook Messenger and HSTS
Pic Source: zona3.mx/sites/default/files/Facebook-Messenger-iPhone-6.png
On Tuesday, Seekurity Founder and Cyber Security Advisor, Mohamed A. Baset, published a proof-of-concept video demonstrating what he calls a Facebook flaw that allows an attacker to access audio or video files from Facebook servers and play them back.
Facebook is dismissing claims by a researcher who says multimedia content such as audio-based messages sent via its Facebook Messenger service can be intercepted by a third-party under certain conditions.
Facebook is dismissing Baset’s claims, telling Threatpost, “We appreciate researcher reports, but this is not a flaw and does not impact the normal functioning of voice clips on Messenger.”
Baset concedes that the alleged threat he illustrates represents a “narrow attack surface” and is “not really that dangerous for most users.”