Jack Whitten, a hacker known by the pseudonym fin1te, reports that the social network has corrected a security flaw that had been discovered. The vulnerability made it possible to take control of a Facebook account by abusing the feature that links a profile to a mobile phone for SMS.
The British security expert announced that Facebook has fixed a very troublesome security flaw. Known as fin1te, he received 20,000 dollars from the social network, an amount paid under its reward program for those who report security vulnerabilities in its services.
Jack Whitten, or fin1te, said on his blog that it was possible to take control of an account in a short time. Facebook lets users link a phone number to their account. The user can then receive updates via SMS. The number can also be used to log in to the social network.
The registration code sent to the user is submitted in a format that allows the profile_id field to be edited; the fault is located precisely in /ajax/settings/mobile/confirm_phone.php. Whitten added that, following this change, the victim's account is linked to the attacker's phone. The attacker can then request a password reset and gain access to that account.
According to the hacker, the problem was reported to Facebook on May 23; the social network subsequently responded and has now corrected the flaw.
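The profile_id flaw described above comes down to a handler that takes the account to modify from a client-editable field instead of from the authenticated session. The following is an added example, not code from Facebook or from Whitten's blog: it models that pattern beside a corrected handler, and the Store class, the function names, the form layout and the sample values are all assumptions.

```python
# Added illustration: a toy model of a phone-confirmation handler.
# Not Facebook's code; every name except profile_id is an assumption.


class Store:
    """In-memory stand-in for server state (constructed sample data)."""

    def __init__(self):
        # confirmation code -> phone number that received it by SMS
        self.pending_codes = {"k7Qz2m9X": "+15550100"}
        # profile id -> linked phone number
        self.linked_phone = {}


def confirm_phone_vulnerable(store, session_profile_id, form):
    """Flawed pattern: the account to modify comes from the request body."""
    phone = store.pending_codes.get(form.get("code"))
    if phone is None:
        return False
    # The session identity is never consulted; the client picks the target.
    store.linked_phone[form["profile_id"]] = phone
    return True


def confirm_phone_hardened(store, session_profile_id, form):
    """Fixed pattern: only the authenticated session's profile can be changed."""
    code = form.get("code")
    phone = store.pending_codes.get(code)
    if phone is None:
        return False
    # A profile_id that disagrees with the session is rejected (and is worth
    # logging) rather than silently trusted.
    supplied = form.get("profile_id", session_profile_id)
    if str(supplied) != str(session_profile_id):
        return False
    store.linked_phone[session_profile_id] = phone
    store.pending_codes.pop(code)  # confirmation codes are single use
    return True


if __name__ == "__main__":
    form = {"code": "k7Qz2m9X", "profile_id": "200"}  # session user is "100"
    weak, strong = Store(), Store()
    print(confirm_phone_vulnerable(weak, "100", form), weak.linked_phone)
    print(confirm_phone_hardened(strong, "100", form), strong.linked_phone)
```

The same review question applies to any state-changing endpoint: every object identifier in the request must be checked against, or replaced by, the identity held in the server-side session.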