Hello, welcome to BlogTipsNTricks. I'm Chandeep J. I've been doing web designing for 3 years, and this is where I share free themes, widgets and blogging tips which I learned from my experience.

Hacking Facebook Account with just a text message


Can you imagine that a single text message is enough to hack any Facebook account, with no user interaction and without any other malicious tools such as Trojans, phishing or keyloggers?

Today we explain how a UK-based security researcher, "fin1te", was able to hack any Facebook account within a minute by sending one SMS.

Because 90% of us are Facebook users too, we know that there is an option to link your mobile number to your account. This lets you receive Facebook account updates via SMS directly on your mobile, and you can also log in to your account using that linked number rather than your email address or username.

According to the hacker, the loophole was in the phone number linking process or, in technical terms, in the file /ajax/settings/mobile/confirm_phone.php.

This particular page works in the background when a user submits their phone number and the verification code that Facebook sent to the mobile. The submission form has two main parameters: one for the verification code, and a second, profile_id, which is the account to link the number to.


Enter that code in the box, or as the confirmation_code parameter value, and submit the form.


Facebook will accept that confirmation code, and the attacker's mobile number will be linked to the victim's Facebook profile.

In the next step, the hacker just needs to go to the Forgot password option and initiate a password reset request against the victim's account.

After receiving the bug report from the hacker, Facebook no longer accepts the profile_id parameter from the user end.

In return, Facebook is paying $20,000 to fin1te as a bug bounty.
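The root cause and the fix described above, shown as an added server-side sketch (not Facebook's code and not from the original post): a handler that trusts a client-supplied profile_id next to one that takes the account only from the authenticated session. The in-memory tables, the function names and the `phone` form field are assumptions made for the illustration; rejecting a mismatched profile_id instead of ignoring it is a design choice of this example.

```python
import hmac

# Constructed sample state (hypothetical, for illustration only).
SESSIONS = {"sess-alice": 1001, "sess-mallory": 2002}  # session -> account id
PENDING = {"+440000000001": "483920"}                  # phone -> code sent by SMS
LINKED = {}                                            # account id -> phone


def _code_ok(form):
    """Constant-time check of the submitted code against the one sent by SMS."""
    expected = PENDING.get(form.get("phone", ""))
    submitted = str(form.get("confirmation_code", ""))
    return expected is not None and hmac.compare_digest(
        expected.encode(), submitted.encode())


def confirm_phone_vulnerable(session, form):
    """Pre-fix pattern: the account to modify is read from the request."""
    if session not in SESSIONS:
        return "unauthenticated"
    if not _code_ok(form):
        return "bad code"
    # Flaw: any logged-in user decides whose profile receives the number.
    LINKED[int(form["profile_id"])] = form["phone"]
    del PENDING[form["phone"]]
    return "linked"


def confirm_phone_hardened(session, form):
    """Post-fix pattern: the account comes only from the session."""
    account = SESSIONS.get(session)
    if account is None:
        return "unauthenticated"
    # A client-supplied target that differs from the session owner is refused
    # before any state changes, so the attempt can be logged and alerted on.
    if "profile_id" in form and str(form["profile_id"]) != str(account):
        return "rejected: profile_id mismatch"
    if not _code_ok(form):
        return "bad code"
    LINKED[account] = form["phone"]
    del PENDING[form["phone"]]
    return "linked"
```

The same check applies to any state-changing endpoint: an object identifier taken from the request must be authorized against the session's identity, or dropped from the interface entirely.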
