23 February 2013

Facebook Flaw allows complete control over your account !

   To many people , their Facebook account is a major part of their online presence , if not the only one . People share boatloads of their lives on this social network and interact with all their friends and family through it , Facebook  is practically the whole internet for quite a few people , and as such there are a lot of privacy concerns on the social network.

    By using Facebook's API even third party web developers can get access to a very large audience ,and  many apps do post spam and irrelevant things via their user's profile , all in an attempt to get more users  to use their app , thankfully , there is a permission system whereby you can disallow an app to post things that, you do not want to share .

Image credit
   but ,it seems this security has it's flaws , +Nir Goldshlager  has found a security flaw in this technique of securing the users account that allows a third party to get complete access to your account,

I wanted something more powerful!,

Something that will give me full permissions (read inbox, outbox, manage pages, manage ads,access to private photos, videos, etc.) on the victim's account without any installed application on the victim and make Facebook do the Goldshake ;),

  The hack works by utilizing the fact that Facebook has it's own "apps" that use these API and are completely trusted , hence , you don't need to allow Facebook messenger permission but Ebuddy or Nimbuzz will ask you for them . by using this one simple fact Nir was able to employ his previous findings and get complete access to the users account , without the user ever clicking the "allow" button. for more check out the video below and Nir's post 

if you want to read up more on this topic you can always ask Me in the Comments or Google :)
that's it for now , Tweets by @PrashantM911 like us on facebook , comment and share !