A developer for Danish company Airtame found a potentially devastating flaw in Facebook’s new (and mandatory) Messenger app that could have let hackers force your phone to make a call if you clicked on a link. However, Facebook responded to the threat quickly and has already prepared an update that it will push out to fix the security hole.
According to TechRadar, the loophole affects apps that don’t show a pop-up window when users tap a phone number to call from within the app. A hacker could create a malicious web link that, if clicked within native apps like Facebook Messenger, Gmail, Google+, FaceTime and others, could place a potentially harmful call without the user being able to stop it. As Andrei Neculaesei, the Danish developer who discovered the issue, points out, the flaw could also have been extremely costly to users.
“Imagine I register a premium-rate phone number and then I send you the link on Facebook Messenger or Twitter,” he wrote in a blog post detailing the problem. “You click it and call me, I pick up instantly and charge you.”
As of the afternoon of Monday, August 25, Facebook was the only company to respond to the issue, though the other apps involved will likely soon follow suit.