Facebook hacked again, this time hackers have done it without using any other malicious code neither user interaction. UK based Security Researcher, “fin1te” revealed that attack could compromise any Facebook account in less than a minute simply exploiting an SMS message.
The hacker exploits the possibility provided by Facebook to link user’s mobile number with user’s account, the feature allows him to receive updates via SMS and to login using the number rather than the email address.
The hackers have found a bug the component
which receive various parameters, most importantly for the hack are “code” (verification code received via mobile), and “profile_id” (account identifier linked the number).
The webpage works in the background when user submits his phone number and verification code, sent by Facebook to mobile. Despite the parameter profile_id is linked to the user’s account it’s modification to the hacker’s target doesn’t trigger an error.
Following the sequence of the attack to Facebook described by “fin1te”:
Change value of profile_id to the Victim’s profile_id value by tampering the parameters.
Use the received verification Box entering it in the box or providing it as value for the parameter confirmation_code and Submit the form.
The attack is completed, Facebook will accept the confirmation code linking the attacker’s mobile number to victim’s Facebook profile and allowing the attacker to impersonate him.
At this point the attacker just has to execute the procedure for “Password forgotten” and initiate the password reset request against of the victim’s account.
“Attacker now can get password recovery code to his own mobile number which is linked to the victim’s account using the above steps. Enter the code and Reset the password!”
Facebook response was very fast no longer accepting the profile_id parameter from the user end after the warning provided by fin1te that also received from the company $20,000 as recompense for the Bug Bounty program.
(Security Affairs – Facebook, hacking )
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.