Last Updated on September 23, 2020
It looks like 2020 is filled up with quite the action, the ‘FCM’ Notifications Fiasco is another failure on google’s part just like back in late 2018 with google data breach. Another day, another disappointment!
The ‘FCM’ Test Message so far has appeared on both Microsoft Teams and Google Hangouts, there are many repots about this through the reddit boards confirming the massive spam sent across the globe.
So what is ‘FCM’ exactly?
Firebase Cloud Messaging (FCM) is a cross-platform messaging solution that lets you reliably send messages at no cost.
How does it work?
An FCM implementation includes two main components for sending and receiving:
- A trusted environment such as Cloud Functions for Firebase or an app server on which to build, target, and send messages.
- An iOS, Android, or web (JavaScript) client app that receives messages via the corresponding platform-specific transport service.
Currently, many people suspect that this was exploited through Android, which is not far-fetched since the beginning of this year has seen a lot of #AndroidHackingMonth tweets, sharing some instructions to Android application hacking. (learn more)
Another theory is that this was nothing but a mistake by one of google’s employees, working from home and having their Jerry run around the house and jump on the keyboard, then pressing the nuclear launch button for ‘FCM’ Test Messages across the globe.
In any case, there is no reason to panic and start hoarding toilet paper yet again. You can rest assured that the messages have been harmless, and Google is already investigating.
Note: We will update this post once we get more information about the incident.
Source: Firebase, Google Support, abss, Reddit (1) (2).