How to modify a message on Facebook after you've sent it

Ever regretted hit the Transport/Enter button simply a niggling too quickly on Facebook Messenger? Wouldn't you love having a fashion to modify your sent messages? Even better, what if Facebook lets you delete the messages from the receiver'due south end. It would be awesome getting rid of all those embarrassing letters you might accept sent to someone yous in one case had a crush on. If you have been plotting about a possible account takeover to remove the messages you take sent, researchers have come up to your aid, saying that it is indeed possible.

Facebook Messenger exploit lets you alter and delete messages sent to others

Researchers from the security firm Check Point have shown that you can change or modify the messages after yous accept striking the Transport button in Facebook Messenger. Roman Zaikin, a security researcher shared that a unproblematic HTML tweak could be used to modify or delete messages, photos, files, and links from the target's Facebook business relationship.

The effect stems from how Facebook assigns identities to chat messages. Each of the messages in Facebook Messenger has a unique "message_id" identifier that an attacker could obtain past sending a asking towww.facebook.com/ajax/mercury/thread_info.php. Attacker can transport a modified message using the same ID, thereby replacing the previous message. Facebook would so consider the new message as legitimate and remove the original message content.

While a simple bug, it could be exploited to send malicious links that could and then lead to malware installation on the victim's devices. Researchers have released a proof-of-concept video that shows the Facebook Messenger vulnerability in action.

Facebook has rated the vulnerability every bit low risk. An interesting exploit, it could lead to severe consequences for target users. For ane, information technology could atomic number 82 to fraud campaigns that will alter the legitimate links and files with malicious content. "Hackers can tamper, alter or hibernate important information in Facebook chat communications which tin have legal repercussions. These chats can be admitted as evidence in legal investigations and this vulnerability opened the door for an attacker to hide evidence of a law-breaking or even incriminate an innocent person," Check Point research team noted.

The security research firm claims that the flaw affected both the web and mobile versions of the messaging application. However, Facebook has said that it merely impacted the Android app of Facebook Messenger, and that the "bulletin duplication" can simply be exploited to change your own letters, not someone else's. In a web log postal service published earlier today, Facebook shared;

This bug affected the Android Messenger interface, only the message content was still correctly reflected on other platforms. Nosotros also confirmed that the content self-corrected on Android when the application refetched message data from the server, and so it wasn't permanently inverse.

The researchers informed Facebook about this vulnerability earlier this month, and the social networking giant has already fixed the issue. "Based on our investigation, this simple misconfiguration in the Messenger app on Android turned out to be a depression take a chance issue and it's already been fixed," Facebook said.