Can you imagine that hacking a Facebook account with just a single text message ? without phishing, keylogger and trojans ? yes it was possible.
One of the UK’s security researcher named fin1te have found the way to hack any Facebook with the help of the single text message.
As we tend to use Facebook so we are familiar with linking your account with the mobile number so you can get all the notifications, messages and even you can login into your Facebook account using that your mobile number.
And according to the fin1te security researcher the loophole was in mobile number linking process.
The webpage which works in the background when the user summits his phone number that webpage have two parameter named Profile_id and verification code which is the account to link the number.
How an attacker can exploit this ?
1. Attacker will simply change the Profile_id to the victim's Facebook Id by simply tempering the data. (temper data Firefox add-on).
2. And an attacker will send text message “F” to 32665 and then the attacker will receive the 8 character conformation code
3. Finally he will enter that verification code and he will submit the forum so now his number is linked to the victim’s Facebook id :D
Now you know an attacker can easily change the password by simply “Forgot password” option and then he will again receive the code and he can access your account using his number.
The Facebook have offered him $20,000 as a bounty !