How Facebook Exposes your Virtual Security

Facebook security is a true headache for millions of its users. There is no secret that with constantly changing privacy policies and terms of use sometimes it is difficult to know what information is shared publicly and which is kept private. Unfortunately, these changes often bring not only the benefits but also security vulnerabilities, and so using Facebook might become dangerous. According to M. Kumar at thehackernews.com, over 100 million of people are using the Facebook apps on their smartphones, and this is exactly where the danger lies. As experienced researchers have revealed, Facebook users have to be particularly cautious about the official Facebook app and the Android compatible Facebook Pages Manager and Facebook Messenger. If you do not fix vulnerabilities related to these apps there is a possibility that your Facebook account will be hacked and you will suffer from identity theft. These are the risks which should be prevented at any cost.

The so-called main Facebook app is an official application which allows you to run Facebook in the same manner you would on your computer or tablet. Needless to say, the Facebook Messenger app allows Facebook users to manage chat messages, as well as send voice messages and photos. Both of these apps are by far the most popular Android apps. Unfortunately, hackers could use these to expose your virtual identity. It has been discovered that any additional apps on your Android device could capture the so-called Facebook access token. An access token is an equivalent to a web cookie on your computer. It is a piece of data which remembers your login data so that you would not need to log into your applications over and over again. Even though an access token should be kept in a safe place it has been discovered that it could be used for malign purposes.

It has been discovered that if you open a corrupted attachment downloaded onto your Android device, the access token of the application you used to download a file is sent straight to the Android logcat. Since most Android apps are enabled to access Android logs it is clear that your password, user name or login email could be accessed by unreliable parties. In the worst case scenario, your mobile profiles could be hacked, which opens a number of opportunities for the malicious parties. They could use your Facebook accounts to spread malware by presenting corrupted links on your Timeline, on friend’s walls or through private messages. If you have discovered that unauthorized activity has been performed you should be extra careful about how you handle your accounts in the future. The recommendation is to change your login information and to warn your Facebook friends about potential scams.

Facebook Pages Manager is an Android app which is useful to those who run multiple Facebook accounts, manage Facebook pages and wish to keep up with any activities, notifications or updates on these pages. The app also allows to check and send personal messages, as well as to schedule posts. Even though the application is also connected to the access token and the Android logcat, the way the Facebook Pages Manager vulnerability works you need to sign into your mobile Facebook account for hackers to record login data, not download files.

Even though these vulnerabilities have been patched already, in order to avoid any risks you should update all of the mentioned apps. As mentioned before, you should also change login data to ensure that the leaked information could not be used in the future. Regarding the first vulnerability you should be extra cautious about any downloadable files. If the sender/source of the file is unfamiliar or unreliable there is a great chance that it is not secure. The last advice regards any unreliable apps that are stored on your mobile/Android devices. In case the apps are managed by mischievous parties there is a possibility that if other vulnerabilities emerged you and your virtual identity could fall at risk once again.