Security Threat For Skype & Facebook

December 15, 2016

Skype and Facebook, two of the most popular platforms for chats, calls and video, are both in trouble over hackers being able to access chat histories and files. In two separate security catastrophes, one has left a backdoor for cyber criminals to infiltrate the programme and the other has overlooked a coding bug.

A problem with Skype for Macintosh can allow someone to intercept calls and chats within the Skype programme. Normally it would seem difficult enough to bypass the authentication protocol without knowing the relevant user data but a small edit to the text string exposes this huge risk. There is a section underneath the Skype Dashbd Wdgt Plugin whereby identifying as the programme responsible for supervising the API allows the possibility of skipping the authentication process completely. In layman’s terms, if you flash a fake maintenance badge they will let you in.

The risk presented is dangerous; someone abusing this backdoor can read messages, record phone/video conversations, steal contact information and even start chat sessions.

This problem dates back several years and was only recently discovered, possibly as an oversight which was not removed when it was supposed to have been. Skype have now updated Skype for OS X.

For Facebook the vulnerability discovered involves someone being able to read your chats and see what files have been shared. This affects up to one billion people at any given time. Falling for a malicious link gives the hacker the opportunity to do this on both desktop and mobile, with this problem affecting both platforms. Once clicked, the malicious website overrides and skips all necessary origin checks to give access to Facebook’s messenger service, which is not hosted directly on facebook.com.

Facebook has acknowledged this security problem and is working to patch the relevant coding.

It remains to be seen whether people lose confidence in these platforms but this does demonstrate how easily a trusted and popular platform can be compromised without the user knowing it.

Further Reading:

http://thehackernews.com/2016/12/hacking-skype.html
http://thehackernews.com/2016/12/hack-facebook-messenger-chats.html