Showing posts with label facebook security. Show all posts

30 Oct 2013

Hacked Facebook Account with One SMS.

A UK-based hacker took over a Facebook account with one SMS, and the Facebook Security Team rewarded him for reporting the flaw in the system.

Guys, today's story is different from the others. People usually use malicious code, social engineering, trojans or phishing to hack a Facebook account, but this story is entirely different: a hacker called "fin1te", who is from the UK, found a big flaw in Facebook's messaging system and reported it to Facebook, and Facebook rewarded him with $20,000 US.



Today I am going to explain how a UK-based security researcher, "fin1te", was able to hack any Facebook account within a minute by sending one SMS.

Because 90% of us are Facebook users too, we know that there is an option to link your mobile number to your account. It allows you to receive Facebook account updates via SMS directly on your mobile, and you can also log in to your account using the linked number rather than your email address or username.

According to the hacker, the loophole was in the phone number linking process or, in technical terms, in the file /ajax/settings/mobile/confirm_phone.php

This page works in the background when the user submits his phone number and the verification code sent by Facebook to his mobile. The submission form has two main parameters: one for the verification code, and a second, profile_id, which is the account to link the number to.




 
As the attacker, follow these steps to execute the hack:
  1. Change the value of profile_id to the victim's profile_id value by tampering with the parameters.
  2. Send the letter F to 32665, which is Facebook's SMS shortcode in the UK. You will receive an 8 character verification code back.
  3. Enter that code in the box or as the confirmation_code parameter value and submit the form.

Facebook will accept that confirmation code, and the attacker's mobile number will be linked to the victim's Facebook profile.

In the next step, the hacker just needs to go to the Forgot password option and initiate a password reset request against the victim's account.

The attacker can now get the password recovery code on his own mobile number, which was linked to the victim's account using the steps above. Enter the code and reset the password!

After receiving the bug report from the hacker, Facebook no longer accepts the profile_id parameter from the user end.
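
The fix described above, shown as an added example that is not Facebook's code and not part of the original post: a constructed Python model of a phone-confirmation handler, first taking the target account from the request and then binding it to the authenticated session. All function names, data stores and sample values are hypothetical.

```python
import hmac

# Constructed sample state; every name here is hypothetical, not Facebook's code.
PENDING_CODES = {"A1B2C3D4": "+447700900001"}  # code -> phone that requested it
LINKED_PHONES = {}                             # account id -> linked numbers


def _redeem(code):
    """Return the phone bound to a single-use code, or None if unknown."""
    for known in list(PENDING_CODES):
        if hmac.compare_digest(known.encode(), str(code).encode()):
            return PENDING_CODES.pop(known)
    return None


def confirm_phone_vulnerable(session_user_id, params):
    """Pre-fix logic as the post describes it: target account taken from the request."""
    phone = _redeem(params.get("confirmation_code", ""))
    if phone is None:
        return {"ok": False, "error": "bad_code"}
    target = params.get("profile_id", session_user_id)  # client-controlled value
    LINKED_PHONES.setdefault(target, set()).add(phone)
    return {"ok": True, "linked_to": target}


def confirm_phone_hardened(session_user_id, params, audit_log):
    """Post-fix logic: the target is always the authenticated session's account."""
    supplied = params.get("profile_id")
    if supplied is not None and str(supplied) != str(session_user_id):
        # Reject before redeeming the code and record the mismatch for alerting.
        audit_log.append(("profile_id_mismatch", session_user_id, supplied))
        return {"ok": False, "error": "forbidden"}
    phone = _redeem(params.get("confirmation_code", ""))
    if phone is None:
        return {"ok": False, "error": "bad_code"}
    LINKED_PHONES.setdefault(session_user_id, set()).add(phone)
    return {"ok": True, "linked_to": session_user_id}


if __name__ == "__main__":
    log = []
    request = {"confirmation_code": "A1B2C3D4", "profile_id": "user_b"}
    print(confirm_phone_hardened("user_a", request, log))
    print(log)
```

The mismatch entry in the audit log is the detection signal: a legitimate client has no reason to name an account other than the one it is logged in to.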

In return, Facebook is paying $20,000 to fin1te as a bug bounty.


26 Sept 2013

Facebook Security

How To Keep Facebook Account 100% Safe From Hackers:

As far as social media is concerned, Facebook is the best medium to connect with people. We all have a Facebook account, but is your account safe from hackers?
The best answer is NO! You might be wondering how I can say this so confidently. OK, dear! I have many proofs for my statement.
But how can you say that your account is safe from hackers?
The simple answer to the above question can be found in the following discussion!
After reading the entire post you will have learned the "Techniques Used By Hackers" and "How you can secure your account".

  • Create a strong password. Use a password with a combination of at least six numbers, letters, and punctuation marks (like ! and &).
  • Change your password regularly.
  • Hide your email. If your email is hacked, then your account can be hacked. For this reason you must hide your email on Facebook.
  • Don't click on phishing links. Phishing is a page that shows a fake Facebook login page, so never enter your password on such a page.
  • Log out from public devices: Log out of Facebook when you use a computer you share with other people.
  • Enable secure browsing: To change your secure browsing (https) setting:
      1. Go to your Security Settings page (>Account Settings>Security)
      2. Click on the Secure Browsing section
      3. Check the box provided and save your changes
    When you have secure browsing turned on, the address bar in your browser should begin with "https".
  • Enable login notifications: Login notifications are an extra security feature. When you turn on login notifications, Facebook will send you an alert each time someone logs into your account from a new place. To turn on login notifications on feature phones:
      1. Click Settings & Privacy (bottom of every page)
      2. Click Security
      3. Click Enable next to Text Message Login Notifications or Email Login Notifications to turn them on.
  • Use security questions: A security question helps you verify you own your account in case you ever lose access to it or your account has been hacked.
  • Use anti-virus in browser: Run anti-virus software on computers you use to log in.

After following the above steps, your account will be 100% secure!