It looks like 2020 is quite the eventful year…
Google has made yet another mistake, just like in late 2018, with the google data breach. This time, it’s all about the ‘FCM’ Notifications Fiasco. Disappointing, isn’t it?
So far, the ‘FCM’ Test Message has appeared on both Microsoft Teams and Google Hangouts. You will also find many reposts about this on Reddit, confirming the massive spam sent worldwide.
What is FCM?
Firebase Cloud Messaging (FCM) is a cross-platform messaging solution that allows you to send and receive messages. (It’s all cost-free!)
How does FCM work?
An FCM implementation involves two main sending and receiving components:
a. A trusted environment, like Cloud Functions for Firebase or an app server to build, target, and send messages.
Now, people suspect that this was exploited through Android, which is quite possible, given that there have been a lot of #AndroidHackingMonth tweets at the beginning of 2020, sharing some instructions for Android application hacking. (learn more)
Legend has it that this might have been a mistake by a Google employee nodding off at their keyboard while working from home, hence pressing the launch button for ‘FCM’ Test Messages.
Anyway, there is no need to go on a panicky toilet paper spree yet again. Relax, because the messages were harmless, and Google is already conducting an investigation.
P.S. We will update this post as soon as we receive more information about the incident.