A Facebook flaw that would have been a golden opportunity for cyberattackers who in the planning to abuse Facebook accounts for spam and identity theft, have been successfully fixed by a UK based researcher who also grabbed the bounty of $20,000 which was set as bounty for the potentially harmful Facebook flaws fixation project.
The intelligent security engineer for application is a recognized expert in finding vulnerabilities in Facebook, Google and Etsy also bagged the $20,000 set as a bounty to remove the flaws and described how severe the issue was.
Jack Whitten known as “fin1te,” in his blog , wrote how he discovered such a harmful flaw in Facebook that happened a month ago which allows an attacker to hack anyone’s account with a minimal effort . The researcher has discovered that there is a chance in resetting password of anyone’s Facebook account by simply finding a loophole lin Facebook’s mobile update facility that was offered by Facebook for users who are on the go as evolution of technology has made us to have easier communication. Whenever a user register a phone,the Facebook site sends authentification code by SMS but Whitten found that there is a chance to rectify the profile id column in the Facebook mobile confirmation page of a different Facebook user. Then, Facebook asks for a password but unknowingly not the one of the victim to be. The process eventually links the attacker with the account of the victim
To solve this, Whitten initiated a password reset for the victim’s account and the code was needed in resetting the password was sent to Whitten’s mobile, attached with a link of password reset page.
He concluded his solution by entering the code into the form, choose a new password and lastly describing, it’s done, the account is ours in his blog.
Leave a Reply