Can you ever imagine that , A singe text message is enough to hack any facebook account without user inter action kr with out using any malicious stuff like trojan and phishing or keyloggers etc
Today , I am going to show you, How exactly this idea will work. this attack discovered by an US researcher "FIN1TE"..
The Concept.
Because 90% of us are faceboo users too, so we know that there is an option of linking your mobile number with your account , which allows you to recieve Facebook accont updates via SMS directly to your mobile and also you can login into you ACCOUNT using linked number rahther than your email address or username
According to the explorer , th loophole was in the phone numer lnking process ,or in techinical terrms at file /ajax/settings/mobile/confirm_phone.php
This pirticular webpage works in backgrounf when user submit his/her phone number and verification code,sent by facebook to mobile.That submission form having to main parameters , one for his verification code and second os profile_id , which iss the account to link the number to.
HACKING FACEBOOK ACCOUNT WITH JUST A TEXT MESSAGE
The Concept.
Because 90% of us are faceboo users too, so we know that there is an option of linking your mobile number with your account , which allows you to recieve Facebook accont updates via SMS directly to your mobile and also you can login into you ACCOUNT using linked number rahther than your email address or username
According to the explorer , th loophole was in the phone numer lnking process ,or in techinical terrms at file /ajax/settings/mobile/confirm_phone.php
This pirticular webpage works in backgrounf when user submit his/her phone number and verification code,sent by facebook to mobile.That submission form having to main parameters , one for his verification code and second os profile_id , which iss the account to link the number to.
HACKING FACEBOOK ACCOUNT WITH JUST A TEXT MESSAGE
As attacker , follow these steps to exucute the hack :
1.change valuse of profile_id to the victims vaaluse by tampering the parameters
2.send the letter F to 32665 , which is the facebok sms shortcode in the UK. you will recieve 8 charecter verification codeback.
facebook sms 3 1
3.enter that code in the box or as Conformation_code parameter value and submit the form.
1.change valuse of profile_id to the victims vaaluse by tampering the parameters
2.send the letter F to 32665 , which is the facebok sms shortcode in the UK. you will recieve 8 charecter verification codeback.
facebook sms 3 1
3.enter that code in the box or as Conformation_code parameter value and submit the form.
Facebook will accpet that conformation code and attacker's mobile number will be linked to victims facebook profile.
In next step the hacker just need to goto forgot password option.and intiate the password reset request against of victim's account
Attacker now can get password recovery code to his own mobilw number which is linked to victims account using above steps .Enter the code and reset the password
Facebook no longer accpeting the profile_id parameter from the user as it was informed to the organization FACEBOOK Inc.
for this BUG REPORTING facebook paying $20,000 to fin1te as Bug Bounty
note:(warning)
The articles in this blog are completely for education purpose only, In any manner this author /blog do not intent to encourage to do hacking over the network,In case any sense the issues caused by you, the author responsible for your work ,its your own risk please have a kind sense and be ETHICAL
