The flaw of Facebook Messenger. The audio files sent through Messenger may be subject to an MITM attack, or man in the middle. This might make it accessible to other people voice conversations sent, on private or group chat on Facebook’s instant messaging service. The most worrying thing is that the social media, for now, has not put a stop to this problem. As explained to The Hacker News, Mohamed A. Baset, an Egyptian security researcher, a defect in your Messenger settings makes all your audio files vulnerable. Any cyber criminal can, in this way, listen to what we say to our friends.
Whenever we record a sound clip to send to our friend, the file is uploaded to the Facebook CDN server (for example, https: //z-1-cdn.fbsbx.com / …), where the same sound file, on HTTPS, it is made available for both the sender and the receiver. Now during this process, for a lack of proper authentication and HSTS policy on Facebook’s CDN servers, any hacker can implement a man-in-the-middle attack and listen to other people’s conversations. Also, the cyber criminal will be able to move the audio files from HTTPS to HTTP and can easily download them quickly. However, when questioned on the issue, developers of Facebook responded that it will shortly increase security in their applications which will simply prevent other users or hackers to access confidential information. The social media, however, did not give a precise date for this release so until then the advice is to avoid as much as possible to send audio files on Messenger containing confidential information, bank or sensitive data simply to avoid possible unpleasant consequences.