Information Security Professionals Find Critical Vulnerability in Facebook

Recently, Facebook admitted a vulnerability in its mobile application that can be used by hackers to gain unauthorized access to Facebook accounts. The vulnerability affects all versions of Android, including Froyo (Android 2.2), and popular smartphones such as the HTC Desire that run Froyo. Facebook has since fixed the vulnerability on every affected version of Android, using its existing vulnerability scanner.

The vulnerability, according to security firm Checkbridge, lies in Facebook’s own code and violates the code of the Android Open Source Project. It was revealed during Checkbridge’s daily security check. The vulnerability affects Android version 2.2 and popular devices such as the HTC Desire that run Froyo. Recently, Facebook also revealed another vulnerability that affects the English Facebook site and can be reached using a user’s phone number. That vulnerability affects all versions of Android, including Froyo or Android 2.3, and can be exploited by attackers to gain unauthorized access to Facebook accounts.

Ethical hacking and vulnerability assessment tests are used by Checkbridge to identify vulnerabilities in code. Whether the vulnerabilities in the code can be exploited by malicious users is tested in a wide range of virtual environments, which identifies the security issues.

The vulnerability is discovered when a user receives a message signed with a random secret key. The message contains a hash carrying a 16- or 32-bit number, which a developer is scheduled to fix in due course. However, the message may be altered by an attacker, who can then relaunch the attack to produce a different result. The difference in frequencies between the altered and original messages is used to detect the intrusion.

The safety of accounts is guaranteed by means of replay protection and Enhancement tokens. An attacker cannot reply to another user’s message, so the chances of impersonating another user are small.

Enrolling in the mobile payment service from a mobile phone that lacks a security certificate is vulnerable to man-in-the-middle attacks. A malicious user can use the unsecured phone to connect to the online social networking site and impersonate another user. With this accomplished, he can start chatting with his victim, identified by face and voice. He can then simply follow his victim wherever he goes, introduce him to people he meets, and take a portion of his profile.

Malicious users can change the settings of your Facebook account, destroying your ability to access your profile and friends. They can delete your friends’ information, block you from sending them emails, and even reveal your password. To keep your account safe, make sure you set the security setting to medium or even maximum. Never enter your social networking password into another site; asking for it is a common trick used by hackers.

Do not click on links you receive from your contacts, so that malware cannot be installed on your computer. If you receive an unknown message, do not cut and paste it, because it is likely a link. Simply delete it.

If you wish to disable your Facebook account for security reasons, you can do so. Type the name of your account in the Facebook search box and select the options panel. From there, click on Account. From the drop-down list, click on Privacy. Click on the link on the left that says “How people bring your account to the Internet” and click the Settings button under Account Options. From here, you will be able to track how your account has been used.

While you are on the internet, avoid opening emails from unknown sources. If you receive an email from a person you do not know, do not open it until you have verified that it is legitimate. Also, do not click on any ads or links in the emails; these are known as adware and spyware.

If you have a registered or paid account on a social networking site, you should sign in every month to maintain your membership. You can cancel your paid account at any time if you are no longer using it. You will receive a notification when your account is about to expire, and you can renew your paid account at that time. If you renew your account before it expires, you will automatically be enrolled in the organization’s free membership.