FCM Message Notifications

Iron Contributor

A couple of our users received random notifications on the Teams mobile app this morning. The notification states "FCM Message". Anyone have an idea what's going on? 

 

 

25 Replies

@SuleimanDC 

 

I received 5 notifications this morning "FCM Messages Test Notifications!!!!"

seems it is related to an exploit lets hope that Microsoft or Google plug it soon, otherwise I'll be uninstalling the Teams app on my phone.

Have had 7 in UK over about 15 minutes from 08:00 approx today (27.8.2020).

 

Clearly widespread and seems to be a Google Firebase vulnerability according to posts on Reddit, etc.

 

Concerned this may lead to attempts at phishing.  Please fix ASAP!

@SuleimanDC 

Microsoft just sent this out so they are investigating. 

ashleyw1490_0-1598516569643.png

 

@SuleimanDC - It looks like this is related to a known Firebase bug.  There are a number of people reporting Teams alerts on Android devices.

@MSNEC 

I have also received these messages a little under an hour ago and this problem seems be on a global level.

Seems to me like they should change their token (API key) so that it isn't as easily exploited.

 

This article was published 17th August 2020 and as far as I can tell is the base idea for these exploits:

https://abss.me/posts/fcm-takeover/

 

Let us hope that this will be fixed with an update to the apps.

I am one of the person's received the messages around 10 notifications
Just to inform that I received 7 messages in Brazil this morning (Aug 27, 2020).
"FCM Messages Test Notificationsss"
Got it too. Australia user. 6 messages at 5pm, and for a few mins after, at UTC+10 time.
@ashleyw1490

That document has multiple spelling and grammatical issues. I wouldn't trust it.

@ashleyw1490 

Do you have the link for that alert? I would like to see if any updates.

I too faced the same issue. Today in the afternoon, I received at least 8 notifications- "Test Notificationsss!!!" @SuleimanDC 

@Bmandad4u 

If you say so.

Three news articles about this:

https://cybernews.com/security/exposed-google-keys-leaves-billions-of-users-open-to-mass-spam-and-ph...

https://portswigger.net/daily-swig/google-firebase-messaging-vulnerability-allowed-attackers-to-send...

https://code2care.org/q/fcm-messages-test-notification-microsoft-teams-google-hangouts-push-alert-fi...

The people that found the exploit:

https://twitter.com/y_sodha

https://twitter.com/absshax

 

EDIT: I'm also not too hasty to say that something written in a language that isn't the writers native tongue is untrue. Not everyone is blessed with the understanding of all languages in the world

Hi @Raffe80 

That was a screen shot from our 365 service health page, 

This is the latest:

ashleyw1490_0-1598527688491.png

 

@Raffe80 

if you have access to the  office365 admin portal it can be found on this page https://admin.microsoft.com/AdminPortal/Home#/servicehealth

 

 
Woke up to this as well

Also got seven of these, each with more s added to notifications. 

Just now got many notifications saying- "Testing notification from Microsoft to investigate the problem". Is it really Microsoft?

@SuleimanDC 

 

 

Hi There,

 

I am also getting the same alerts from today morning. I have received 14 Notification today.

Its this kind of spam/attack!!!!