SECURITY experts today will reveal a major flaw in Facebook Messenger that is set to have major legal ramifications, including judicial decisions being sent back to the appeal court and commercial agreements sent into disarray.
Cyber security firm Check Point, at a conference in London this afternoon, will reveal details of the security flaw in Facebook Messenger which is used by 900 million people around the world.
Check Point security researcher Roman Zaikan discovered a backdoor in Messenger which allows hackers in and lets them alter a message thread without either party in the conversation detecting the “man in the middle†hack.
Check Point’s report on the security flaw warns it “could have a severe impact on users due to Facebook’s vital role in everyday activities worldwide.â€
One of the major concerns is because Messenger conversations can be submitted as evidence in court.
The Check Point report says a malicious hacker could alter a conversation to claim he had reached a falsified agreement with a victim of the attack.
“This vulnerability opened the door for an attacker to hide evidence of a crime or even incriminate an innocent person,†it says.
Another potential risk is that a hacker could pose as a friend to infect someone’s computer with ransomware and then demand payment to unlock it.
Check Point Australian general manager Christopher Rodrigues said the cyber security firm alerted Facebook as soon as it detected the security hole and Facebook had fixed it.
But it is not clear how long the flaw has been present in the app used by millions of Australians.
“We cannot confirm how many people have been affected by this,†he said.
Mr Rodrigues said there would be likely ramifications in the legal world in cases where Messenger communications were involved.
“Has that evidence been tampered with it or not? Does that particular individual, or the people in that case, do they know if they’ve been tampered or not? That is something which obviously they need to investigate
“If they think as an individual or a user they think that doesn’t look right or I don’t remember saying that, then they have to take steps. What this means is it means a lot of grief. For sure there will be something that could affect on the legal trait.
“It’s like having an invisible person in your house and you’re not knowing it. They could unlock the doors so when you’re not here somebody else could come in.â€
Facebook released a statement in a blog post on the problem, saying it was the result of a “misconfiguration with the Messenger app on Androidâ€.
Facebook said the “bug†allowed someone to change the content of their message but not somebody else’s message.
Facebook said even if someone altered the content of a message, using the flaw in the Android app, the correct version of the conversation still existed in other platforms and could be used as evidence of the unaltered conversation.