Forum Discussion
FCM Message Notifications
A couple of our users received random notifications on the Teams mobile app this morning. The notification states "FCM Message". Anyone have an idea what's going on?
25 Replies
SuleimanDC - It looks like this is related to https://www.androidpolice.com/2020/08/25/hangouts-users-shouldnt-panic-about-mysterious-fcm-notifications/. There are a number of people https://www.reddit.com/r/MicrosoftTeams/comments/ihghrq/test_notification_fcm/.
ashleyw1490
Do you have the link for that alert? I would like to see if any updates.if you have access to the office365 admin portal it can be found on this page https://admin.microsoft.com/AdminPortal/Home#/servicehealth
If you say so.
Three news articles about this:
https://cybernews.com/security/exposed-google-keys-leaves-billions-of-users-open-to-mass-spam-and-phishing-notifications/
https://portswigger.net/daily-swig/google-firebase-messaging-vulnerability-allowed-attackers-to-send-push-notifications-to-app-users
https://code2care.org/q/fcm-messages-test-notification-microsoft-teams-google-hangouts-push-alert-firebase
The people that found the exploit:
https://twitter.com/y_sodha
https://twitter.com/absshax
EDIT: I'm also not too hasty to say that something written in a language that isn't the writers native tongue is untrue. Not everyone is blessed with the understanding of all languages in the world
Have had 7 in UK over about 15 minutes from 08:00 approx today (27.8.2020).
Clearly widespread and seems to be a Google Firebase vulnerability according to posts on Reddit, etc.
Concerned this may lead to attempts at phishing. Please fix ASAP!
- I've had 5 in one minute and about 20 this afternoon! So much phishing going on at moment so am concerned. Might uninstall Teams until it's fixed!
I received 5 notifications this morning "FCM Messages Test Notifications!!!!"
seems it is related to an exploit lets hope that Microsoft or Google plug it soon, otherwise I'll be uninstalling the Teams app on my phone.
I have also received these messages a little under an hour ago and this problem seems be on a global level.
Seems to me like they should change their token (API key) so that it isn't as easily exploited.
This article was published 17th August 2020 and as far as I can tell is the base idea for these exploits:
https://abss.me/posts/fcm-takeover/
Let us hope that this will be fixed with an update to the apps.
- Just found this thread on Reddit --> https://www.reddit.com/r/MicrosoftTeams/comments/ihghrq/test_notification_fcm/
- Got it too. Australia user. 6 messages at 5pm, and for a few mins after, at UTC+10 time.
