Serious vulnerability helps hackers attack Facebook accounts

Báo Thanh niên, 01/03/2024


Cybersecurity researcher Samip Aryal, who tops Facebook's bug bounty "hunter" list, has published details of a security vulnerability in the social network that allowed attackers to take over victims' accounts. The problem was discovered and patched on February 2, but public disclosure was held back for a month (in keeping with disclosure rules).

According to Aryal, the vulnerability lies in Facebook's password-reset flow, specifically the optional method that sends a 6-digit verification code to another device on which the user is already logged in or registered. Entering that code proves the user's identity and completes the password reset on a new device (one that has not logged in before).

While analysing the requests, he found that Facebook issued a fixed verification code (the same six digits were returned on every request) that remained valid for 2 hours, and that nothing stopped brute-force attacks, in which an attacker simply tries every possible code until the right one is found.

A Facebook account taken over simply by brute-forcing the verification code

This means that, within the 2 hours the code is valid, an attacker can submit wrong codes an unlimited number of times without triggering any countermeasure on Facebook's side. Normally, once a code or password has been entered incorrectly more than a set number of times, the system temporarily locks the login for the suspect account.

Two hours is not much for a human, but for an attacker with automated tools it is plenty: a 6-digit code has only 1,000,000 possible values.

An attacker only needs to know the target's account name to request a verification code on their behalf, then run the brute-force attack continuously for up to 2 hours until the code is found. At that point it is trivial to set a new password, take control of the account and "kick out" the real owner's sessions before they can react.
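To make the two weaknesses concrete, the following is an added example (not Facebook's code and not Aryal's proof of concept) that models a reset-code verifier in two configurations: the behaviour described above (same code re-issued for 2 hours, no attempt limit) beside a hardened variant (fresh code on every request, short lifetime, a small attempt budget, single use). The attacker loop simply enumerates 000000 to 999999. The hardened limits (5 attempts, 10 minutes), the victim identifier and the fake clock are assumptions chosen for the demo.

```python
"""Toy model of a password-reset verification-code check (added example).

VULNERABLE: code fixed for 2 hours, unlimited attempts (the behaviour described above).
HARDENED:   10-minute code, 5 attempts, single use, rotated on every request (assumed limits).
"""
import hmac
import secrets

CODE_DIGITS = 6
CODE_SPACE = 10 ** CODE_DIGITS  # 1,000,000 possible 6-digit codes


class FakeClock:
    """Constructed clock so the demo runs offline and deterministically."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class ResetCodeService:
    def __init__(self, clock, ttl_seconds, max_attempts=None,
                 rotate_on_request=True, rng=secrets.randbelow):
        self.clock = clock
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts        # None = no limit (the reported weakness)
        self.rotate_on_request = rotate_on_request
        self.rng = rng                          # injectable only so tests can fix the code
        self._state = {}                        # user -> {"code", "expires", "attempts"}

    def request_code(self, user):
        """Server side of 'send me a code'. A real service would deliver the code out of
        band (notification/SMS) and never return it; it is returned here for the demo."""
        st = self._state.get(user)
        if st and not self.rotate_on_request and self.clock.now() < st["expires"]:
            return st["code"]                   # same code re-issued: attacker keeps guessing
        code = f"{self.rng(CODE_SPACE):0{CODE_DIGITS}d}"
        self._state[user] = {"code": code, "expires": self.clock.now() + self.ttl, "attempts": 0}
        return code

    def verify(self, user, guess):
        st = self._state.get(user)
        if st is None or self.clock.now() >= st["expires"]:
            return "expired"
        if self.max_attempts is not None and st["attempts"] >= self.max_attempts:
            return "locked"                     # budget spent: further guesses are refused
        st["attempts"] += 1
        if hmac.compare_digest(st["code"], guess):  # constant-time compare of the two strings
            del self._state[user]               # single use: a correct code cannot be replayed
            return "ok"
        return "wrong"


def brute_force(service, user):
    """Attacker loop: try 000000..999999 until the server says ok, locks, or expires."""
    for n in range(CODE_SPACE):
        outcome = service.verify(user, f"{n:0{CODE_DIGITS}d}")
        if outcome in ("ok", "locked", "expired"):
            return outcome, n + 1
    return "exhausted", CODE_SPACE


def vulnerable_service(clock, rng=secrets.randbelow):
    return ResetCodeService(clock, ttl_seconds=2 * 3600, max_attempts=None,
                            rotate_on_request=False, rng=rng)


def hardened_service(clock, rng=secrets.randbelow):
    return ResetCodeService(clock, ttl_seconds=10 * 60, max_attempts=5,
                            rotate_on_request=True, rng=rng)


def run_demo():
    clock = FakeClock()
    victim = "victim@example.com"               # constructed target identifier
    results = {}
    for name, factory in (("vulnerable", vulnerable_service), ("hardened", hardened_service)):
        svc = factory(clock)
        svc.request_code(victim)                # attacker triggers the code on the victim's behalf
        results[name] = brute_force(svc, victim)
    return results


if __name__ == "__main__":
    for name, (outcome, tries) in run_demo().items():
        print(f"{name:10s}: {outcome} after {tries} guesses")
```

Against the vulnerable configuration the loop always ends with "ok" after at most a million guesses, which is well within a 2-hour window for any scripted client; against the hardened one it ends with "locked" after the sixth call, and a re-request yields a different code, so earlier guesses are worthless.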

Mr. Vu Ngoc Son, NCS's technology director, said that this type of attack is beyond the user's ability to prevent and is known as a 0-click attack: with it, hackers can steal the victim's account without any action on the victim's part.

"When this vulnerability is exploited, the victim receives a notification from Facebook. So if you suddenly receive a password-recovery notification from Facebook, it is very likely that your account is under attack and being taken over," Mr. Son said. With vulnerabilities like this one, he added, users can only wait for the provider to patch the flaw.

Facebook is popular in many countries, including Vietnam, and users post and store a great deal of personal data on it. Hackers therefore frequently aim to take over accounts on the platform and use them in fraud schemes.

The most common scheme is to impersonate the victim and contact relatives on the friend list asking for money transfers. Backed by deepfake technology to fake video calls, this method has trapped many people. To build further trust, scammers also buy and sell bank accounts registered under the same name as the Facebook account owner so the scam is easier to carry out.

Another scheme is to hijack the account and use it to send links or files carrying malicious code, spreading it across the social network. Once activated on the target device (the one the victim uses), this malware steals personal information such as bank account numbers, photos, contacts, messages and other data stored on the device.
