The Facebook app is used by nearly 100 million users. Researchers have found a new vulnerability in the Facebook app and Facebook Messenger for Android; the security hole allows hackers to steal access tokens and hijack accounts.
Mohamed Ramadan, a security researcher with Attack Secure, has identified a couple of vulnerabilities in Facebook applications for Android.
The attacker simply needs to send the victim a message that contains an attachment – any type of attachment, including videos, documents, and pictures.
When the user downloads the attached file, the Facebook access token (access_token) is leaked to Android Logcat, the Android logging system that provides a mechanism for collecting and viewing system debug output.
This means that any Android application you have installed on your smartphone can obtain your access token and, implicitly, access to your Facebook account.
Ramadan made a proof-of-concept video. For this security hole, the researcher has been rewarded with $3,500 (€2,500).
The vulnerability found in the Facebook Pages Manager app is the same as the other one, but to exploit it you need to log in to your Facebook account, and your access token will be leaked to all apps without any need to download ANYTHING from ANYONE.
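One way to audit a captured Logcat dump for the kind of leak described above, as an added example that is not from the original article or from the researcher. It assumes the `threadtime` output layout; the tags, hosts and token values in the sample are constructed.

```python
import re

# Logcat "threadtime" layout: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message
LINE_RE = re.compile(
    r"^\d\d-\d\d\s+[\d:.]+\s+(?P<pid>\d+)\s+\d+\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:]*?)\s*:\s(?P<msg>.*)$"
)
# access_token written as a URL/form parameter or as a JSON field
TOKEN_RE = re.compile(
    r"""(?P<key>["']?access_token["']?\s*[=:]\s*["']?)(?P<val>[A-Za-z0-9._%|\-]{8,})""",
    re.IGNORECASE,
)

def redact(msg):
    """Replace each token value with a length-only marker so reports are safe to share."""
    return TOKEN_RE.sub(
        lambda m: "%s<REDACTED:%d chars>" % (m.group("key"), len(m.group("val"))), msg)

def scan(lines):
    """Return one finding per log line that carries an access_token value."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        msg = m.group("msg") if m else line   # still scan lines in other layouts
        if not TOKEN_RE.search(msg):
            continue
        findings.append({
            "line": number,
            "pid": int(m.group("pid")) if m else None,
            "tag": m.group("tag") if m else None,
            "level": m.group("level") if m else None,
            "redacted": redact(msg),
        })
    return findings

# Constructed sample dump (not real app output).
SAMPLE = [
    "03-14 10:02:11.120  2211  2240 D ExampleDownloader: GET https://files.example.invalid/a.jpg?access_token=CONSTRUCTEDTOKEN0123456789&ext=1",
    "03-14 10:02:11.300  2211  2240 I ExampleDownloader: download finished, 48211 bytes",
    '03-14 10:02:12.001  3102  3102 V ExampleSession: {"uid": 1, "access_token": "CONSTRUCTED.json-token_42"}',
    "03-14 10:02:12.400  3102  3102 W ExampleSession: access_token missing, re-authenticating",
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print("line %(line)d pid=%(pid)s tag=%(tag)s [%(level)s] %(redacted)s" % f)
```

Grouping the findings by tag and PID shows which component writes the token, which is the code path that should stop logging it.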