To many people , their Facebook account is a major part of their online presence , if not the only one . People share boatloads of their lives on this social network and interact with all their friends and family through it , Facebook is practically the whole internet for quite a few people , and as such there are a lot of privacy concerns on the social network.
By using Facebook's API even third party web developers can get access to a very large audience ,and many apps do post spam and irrelevant things via their user's profile , all in an attempt to get more users to use their app , thankfully , there is a permission system whereby you can disallow an app to post things that, you do not want to share .
I wanted something more powerful!,
Something that will give me full permissions (read inbox, outbox, manage pages, manage ads,access to private photos, videos, etc.) on the victim's account without any installed application on the victim and make Facebook do the Goldshake ;),
The hack works by utilizing the fact that Facebook has it's own "apps" that use these API and are completely trusted , hence , you don't need to allow Facebook messenger permission but Ebuddy or Nimbuzz will ask you for them . by using this one simple fact Nir was able to employ his previous findings and get complete access to the users account , without the user ever clicking the "allow" button. for more check out the video below and Nir's post
if you want to read up more on this topic you can always ask Me in the Comments or Google :)
that's it for now , Tweets by @PrashantM911 like us on facebook , comment and share !