Mohamed Ramadan, a security researcher from Attack Secure, identified two vulnerabilities in Facebook apps for Android.
One of the vulnerabilities affects versions of the Facebook and Facebook Messenger applications for Android. The flaw allows attackers to steal access tokens and use them to gain access to accounts.
According to Ramadan, the attacker simply has to send the victim a message containing an attachment or a link of any type: a video, a document or even photos.
When the user downloads the attached file, the Facebook access_token is written to the Android logcat, the Android logging system that is provided for debugging.
This means that any Android application you have installed on your smartphone can obtain your access token, and indirectly your Facebook account.
“Every time you use the Facebook app or the Facebook Messenger app to download files from the messages, your access_token will be leaked and any application, even non-malicious ones, can take these tokens and hack your Facebook account,” the researcher said.
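A check an app developer or tester could run over a captured `adb logcat` dump to catch this kind of leak before release; it is an added example, not Facebook's or the researcher's code. It assumes the token appears in a log message as `access_token=<value>` or as a JSON field, and the sample lines, tags, URL and token below are constructed.

```python
import re

# logcat "threadtime" layout: date time pid tid level tag: message
LOGCAT_LINE = re.compile(
    r"^(?P<date>\d\d-\d\d)\s+(?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>.*?)\s*:\s(?P<msg>.*)$"
)
# Assumption: the token shows up as access_token=<value> or "access_token":"<value>".
TOKEN = re.compile(r"""(access_token["']?\s*[=:]\s*["']?)([A-Za-z0-9%._|-]{8,})""")

def redact(message):
    """Replace every token value with a fixed marker, keeping the key visible."""
    return TOKEN.sub(lambda m: m.group(1) + "<redacted>", message)

def audit(lines):
    """Return one finding per log line that carries a token value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        parsed = LOGCAT_LINE.match(line)
        # Fall back to the raw line if the capture is not in threadtime format.
        msg = parsed.group("msg") if parsed else line
        if TOKEN.search(msg):
            findings.append({
                "line": number,
                "pid": int(parsed.group("pid")) if parsed else None,
                "tag": parsed.group("tag") if parsed else None,
                "message": redact(msg),  # never echo the secret into the report
            })
    return findings

# Constructed sample capture; tags, PIDs, URL and token are made up.
SAMPLE = """\
03-14 10:02:11.120  2311  2340 D DownloadManager: enqueue id=42
03-14 10:02:11.480  2311  2340 I ExampleDownloader: GET https://files.example.test/a.pdf?access_token=EXAMPLEtoken0123456789&dl=1
03-14 10:02:12.003  2311  2340 D ExampleDownloader: saved 48211 bytes
03-14 10:02:12.951  1877  1877 W ExampleHttp: {"access_token":"EXAMPLEtoken0123456789","expires":0}
""".splitlines()

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']} pid={f['pid']} tag={f['tag']}: {f['message']}")
```

The same `redact` step applied inside the app, before a URL or response body reaches the logger, keeps the value out of logcat in the first place.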
For this finding, the researcher received a reward of 2500 dollars from Facebook.
The second vulnerability he discovered affects Facebook Manager as well as Pages for Android. The vulnerability is similar to the first.
To demonstrate the vulnerability in the applications, Ramadan made a demo and recorded it on video.