Alert! Facebook 2FA bypassed – a bug is responsible for that!
By TechDogs Bureau
Even more shocking is that the victim's phone number alone can serve as a gate pass. An attacker could take the victim's phone number to the centralized Accounts Center, link that number to their own Facebook account and then brute-force the two-factor SMS code. That was the critical step, because there was no upper limit on the number of attempts someone could make. After these simple steps, taking over the victim's Facebook account would require only phishing for the password, given that the target no longer had two-factor authentication enabled.
According to Gtm Mänôz, a security researcher from Nepal, Meta placed no limit on the number of attempts to enter the two-factor authentication code. This code is used for logging into accounts on the Meta Accounts Center, which lets users link all their Meta accounts, such as Facebook and Instagram.
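The control whose absence is described above, as an added example that is not from the article or from Meta's code: an SMS-code verifier that caps failed guesses per issued code and caps how many codes a phone number can be sent. The class name, the limits and the choice to key state on the phone number (rather than on the requesting account) are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy: failed guesses allowed per issued code
CODE_TTL = 300          # assumed policy: seconds a code stays valid
MAX_CODES_PER_HOUR = 3  # assumed policy: codes issued per phone number per hour

class SmsCodeVerifier:
    """Illustrative verifier with attempt limits; state is keyed on the phone number."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._challenges = {}  # phone -> [code, expires_at, failures]
        self._issued = {}      # phone -> timestamps of recently issued codes

    def issue(self, phone):
        now = self._clock()
        recent = [t for t in self._issued.get(phone, []) if now - t < 3600]
        if len(recent) >= MAX_CODES_PER_HOUR:
            return None  # requesting a fresh code must not reset the guess budget
        self._issued[phone] = recent + [now]
        code = f"{secrets.randbelow(10**6):06d}"
        self._challenges[phone] = [code, now + CODE_TTL, 0]
        return code  # a real service sends this by SMS and never returns it

    def verify(self, phone, guess):
        challenge = self._challenges.get(phone)
        if challenge is None:
            return "no_challenge"
        code, expires_at, failures = challenge
        if self._clock() >= expires_at:
            del self._challenges[phone]
            return "expired"
        # Constant-time comparison on bytes avoids leaking matching prefixes.
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._challenges[phone]
            return "ok"
        challenge[2] = failures + 1
        if challenge[2] >= MAX_ATTEMPTS:
            del self._challenges[phone]  # burn the code: later guesses cannot succeed
            return "locked"
        return "wrong"

def max_guesses_per_hour():
    # Upper bound on guesses against one phone number under this policy,
    # out of the 1,000,000 possible six-digit codes.
    return MAX_ATTEMPTS * MAX_CODES_PER_HOUR
```

Without the two caps, every one of the 1,000,000 six-digit values can eventually be tried; with them, the guess budget per phone number is bounded regardless of which account submits the guesses.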
In an interview with TechCrunch, Mänôz said, "Basically, the highest impact here was revoking anyone's SMS-based 2FA just knowing the phone number." Mänôz found the bug in the Meta Accounts Center and reported it to the company in mid-September last year.
TechCrunch asked Meta for comment on the incident. Meta spokesperson Gabby Curtis said that at the time of the bug, the login system was still in a small public test. He noted that Meta's investigation after the bug was reported found no proof of exploitation in the wild and that Meta saw no spike in usage of that particular feature, which would signal that no one was abusing it.
Besides, Facebook is set to make two-factor authentication (2FA) mandatory for high-risk accounts likely to be targeted by malicious hackers. You can think of this as an essential part of Facebook's enhanced security program intended to protect the funds of authorities like human rights defenders, journalists and government officials who may be at particular risk.
Head of Security Policy at Facebook, Nathaniel Gleicher, said, "2FA is such a core component of any user's online defense, so we want to make this as easy as possible. To help drive wider enrollment of 2FA, we need to go beyond raising awareness or encouraging enrollment. It is a community of people that sit at very critical points in public debate and are highly targeted, so for their protection, they probably should be enabling 2FA." He further added that "in early testing, mandating Facebook Protect saw more than 90% of high-risk users enroll in 2FA." What are your views on this news? Will measures like two-factor authentication help Facebook combat such bugs?
First published on Fri, Feb 3, 2023