Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts
Oct 29, 2013
There are more than 100 Million users who are using Facebook mobile app. Facebook has fixed multiple critical vulnerabilities in its Android based applications that allows hackers to steal access tokens and hijack accounts. Egyptian security researcher Mohamed Ramadan, Security researcher with Attack Secure, has who disclosed a couple of vulnerabilities in the Facebook Main app and Facebook messenger app and Facebook page's manager application for Android. User's access token is the key to accessing a Facebook account and according to him, an attacker only needs to send a message that contains an attachment of any type, i.e. Videos, documents, and pictures. Once the victim will click on that file to download, immediately victim's access_token will be stored in the Android's log messages called - logcat , that enables other apps to grab user's access token and hijack the account. Video Demonstration: ...