Security experts are warning Facebook users about two serious vulnerabilities that may allow hackers to take over their accounts. They were found in three different mobile applications: the main Facebook app, Facebook Messenger for Android and the Facebook Pages Manager for Android.
According to researcher Mohamed Ramadan, who found these issues, the first vulnerability allows hackers to steal Facebook access tokens and hijack accounts via any type of attachment, such as a video, a doc, a PDF or even a picture file. Once the attachment is downloaded to the device via the Facebook app and the Messenger app, the access token is automatically leaked to the Android logcat, a tool where log messages from all Android apps are collected. This means that any app on the device, whether it is malicious or not, gains the ability to capture this access_token and connect to the Facebook account.
The second vulnerability was discovered in the Facebook Pages Manager app. It is very similar to the first one, but in order to exploit it, hackers need to make people log in to their Facebook accounts. As a result, access tokens are similarly leaked to all apps installed on the mobile device.
This clearly shows that people should start taking the security of their mobile devices seriously. They should also realize that updating apps to their latest versions is very important for avoiding vulnerabilities like these two.
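For developers, the leak described above (access tokens written to logcat) is something a release check can catch. The following is an added example, not code from the article, the researcher or Facebook: it scans a captured logcat dump in `threadtime` format from your own test build and flags lines that carry credential values. The log lines, tag names, URL and token values are constructed, and the list of parameter names is an assumption to extend for your app.

```python
import re
import sys

# logcat "threadtime" layout: date time pid tid level tag: message
LINE_RE = re.compile(
    r"^\d\d-\d\d\s+[\d:.]+\s+(?P<pid>\d+)\s+\d+\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:]*?)\s*:\s(?P<msg>.*)$"
)
# Parameter names treated as credentials (assumed list, not from the article).
KV_RE = re.compile(
    r"(?i)\b(access_token|refresh_token|id_token)\b(\s*[=:]\s*\"?)([^\s&\"',;]+)"
)
BEARER_RE = re.compile(r"(?i)\b(Bearer)(\s+)([A-Za-z0-9._~+/=-]{8,})")

# Constructed sample: two leaking lines, two harmless ones.
SAMPLE = """\
01-15 10:02:11.120  2143  2190 D AttachmentFetch: GET https://example.invalid/file?id=7&access_token=CONSTRUCTED_TOKEN_0001 -> 200
01-15 10:02:11.340  2143  2190 I AttachmentFetch: saved 48211 bytes to cache
01-15 10:02:12.002  2311  2311 W HttpClient: header Authorization: Bearer CONSTRUCTED.TOKEN.0002
01-15 10:02:12.500  2311  2311 D Session: access_token is null, prompting login
"""

def redact(text):
    """Replace credential values, keeping the key so the leak stays visible."""
    text = KV_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)
    return BEARER_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)

def scan(logcat_text):
    """Return one finding per log line whose message carries a credential."""
    findings = []
    for number, line in enumerate(logcat_text.splitlines(), 1):
        parsed = LINE_RE.match(line)
        if not parsed:
            continue  # not a threadtime record (e.g. "--------- beginning of main")
        msg = parsed.group("msg")
        kinds = sorted({m.group(1).lower() for m in KV_RE.finditer(msg)})
        if BEARER_RE.search(msg):
            kinds.append("bearer")
        if kinds:
            findings.append({"line": number, "pid": int(parsed.group("pid")),
                             "tag": parsed.group("tag"), "kinds": kinds,
                             "message": redact(msg)})  # never echo the secret
    return findings

if __name__ == "__main__":
    results = scan(SAMPLE)
    for f in results:
        print(f"line {f['line']} [{f['tag']}] {','.join(f['kinds'])}: {f['message']}")
    sys.exit(1 if results else 0)  # non-zero exit fails the build
```

The fourth sample line mentions `access_token` without a value and is not flagged, which keeps the check usable as a build gate.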