Service receive & sending SMS

Hacker made $ 10,000 on GIF attack on Facebook Messenger

1546   |     /   Security

Hacker made $ 10,000 on GIF attack on Facebook Messenger
The hacker made $ 10,000 on Facebook last year for discovering a Messenger vulnerability that could obviously have been used to accidentally acquire images of other users.

Get a virtual facebook registration number and create accounts without linking your personal phone number.

In February 2018, Dmitry Lukyanenko, a researcher specializing in Android application security, decided to test how Facebook Messenger for Android handles corrupted GIFs.

Inspired by one of the vulnerabilities discovered back in 2016 in the popular ImageMagick image processing package, Lukyanenko generated several GIFs to see how they were processed.

He found a way to make the application crash, but Facebook did not pay a reward for this DoS flaw. However, the researcher noticed that the test GIF file that he uploaded to Messenger, which was not supposed to contain the actual image, displayed as what he called a “strange image” when the application opened in a web browser on a laptop. ,

He played around with GIF size, and the image looked like the screen of old TVs when there was no signal. After several tests, his GIF displayed a distorted version of the real image.

It was then that he realized that he was actually receiving data from an image previously uploaded by another user, which he called the problem of “accidental exposure to memory”.

Although Lukyanenko did not prove that the vulnerability could be reliably used to obtain confidential data, Facebook seems to have determined that this is a serious security hole, and decided to award him a reward of $ 10,000. The social media giant released the fix less than two weeks after receiving information about the error at the end of February 2018.

Users suggested that Reddit was the cause of the vulnerability, and some admitted that this could have serious security implications.

“He restored most of the imagination of others. Imagine that it was a photograph of your children that you privately sent to your family or something like that. This is a rather serious vulnerability, even if it can only be used to extract recently uploaded images, ”said one of the Reddit users.

Lukyanenko posted on his blog a post detailing his findings, as well as a video showing the exploit in action.

In 2017, Facebook awarded the researcher $ 40,000 for the remote code execution vulnerability introduced by ImageMagick.

Similar news

Facebook closes VPN app to spy on users

Facebook is in the process of eliminating yet another privacy mess. This time, the company announced the closure of the VPN application, which spied on its users.

Microsoft Patch Tuesday fixes over 60 vulnerabilities in your PC

March 2019 Microsoft Patch Tuesday updates address more than 60 vulnerabilities, including two zero-day Windows flaws that were used in targeted attacks.

Selling SSL / TLS Certificates on Dark Web

SSL, TLS certificates and related services can be easily obtained on dark web sites, according to an academic study sponsored by Venafi, a company specializing in the protection of cryptographic keys and digital certificates.


This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2024

All rights reserved