Direct Technology Group Blog

Direct Technology Group provides professional IT Support and Network Services for Businesses around Deerfield Beach. Computer Services, Tech Support, IT Solutions and more!

Facebook Bug Discovered That Allows Hackers to Hijack Any Page

Until very recently, there was a zero-day vulnerability in the Business Manager function on Facebook that could have allowed anyone to access, wreak havoc upon, and/or destroy any business’s representation on the social network if they so pleased. Fortunately, researcher Arun Sureshkamar discovered it, allowing Facebook to nullify the vulnerability.

Businesses, well-known public figures, and brands can create their own pages on Facebook. These pages are maintained by using the Business Manager, where page owners can manage accounts and the other users who are authorized to alter the page. As a part of its design, different business members were supposed to be able to access the business page and its assets.

What the design did not include, but a flaw allowed anyway, was the ability for anyone to access a page, wreak havoc on it, or simply delete it. The attack required two Facebook Business Accounts, One and Two in the following example, and required the attacker to know each page's unique ID, which could be found in the URL.

All the attacker would have to do is assign One and Two as partners and intercept the HTTP request with an intercepting proxy before their browser sent it along to Facebook HQ. The intercepted request would show them the IDs of accounts One and Two, the page's ID, and the access rights. At that point, the hacker simply inputs the Business page's ID and switches the account IDs of One and Two before sending the request as if nothing had happened. This flaw is known as an Insecure Direct Object Reference (IDOR), and it can cause an absolute calamity if the wrong person makes use of it.
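The server-side check whose absence makes this class of flaw possible, as an added example that is not from the original post and is not Facebook's code. It is a hypothetical partner-sharing handler in Python with constructed business, page and user names, shown first trusting the IDs in the request and then verifying them against the logged-in session.

```python
from dataclasses import dataclass

# Constructed sample data for this example (hypothetical IDs and users).
PAGE_OWNER = {"page-100": "biz-A", "page-200": "biz-B"}
USER_BUSINESSES = {"alice": {"biz-A", "biz-C"}, "bob": {"biz-B"}}
GRANTS = {}  # (page_id, partner_business_id) -> role

class Forbidden(Exception):
    """Raised when the request references an object the caller has no right to."""

@dataclass
class ShareRequest:
    """Client-supplied fields; all of them can be edited before reaching the server."""
    parent_business_id: str   # business claiming to share the page
    partner_business_id: str  # business receiving access
    page_id: str
    role: str

def share_page_unchecked(session_user: str, req: ShareRequest) -> None:
    # Flaw: the IDs in the request are trusted as-is and never tied to the session.
    GRANTS[(req.page_id, req.partner_business_id)] = req.role

def share_page_checked(session_user: str, req: ShareRequest) -> None:
    # Check 1: the logged-in user must administer the business doing the sharing.
    if req.parent_business_id not in USER_BUSINESSES.get(session_user, set()):
        raise Forbidden("caller does not administer the parent business")
    # Check 2: that business must actually own the page named in the request.
    if PAGE_OWNER.get(req.page_id) != req.parent_business_id:
        raise Forbidden("parent business does not own this page")
    GRANTS[(req.page_id, req.partner_business_id)] = req.role

def demo():
    """Return (unchecked handler granted access, checked handler refused, final grants)."""
    # alice administers biz-A and biz-C, but page-200 belongs to biz-B.
    mismatched = ShareRequest("biz-A", "biz-C", "page-200", "MANAGER")
    GRANTS.clear()
    share_page_unchecked("alice", mismatched)
    unchecked_granted = ("page-200", "biz-C") in GRANTS
    GRANTS.clear()
    try:
        share_page_checked("alice", mismatched)
        blocked = False
    except Forbidden:
        blocked = True
    share_page_checked("alice", ShareRequest("biz-A", "biz-C", "page-100", "MANAGER"))
    return unchecked_granted, blocked, dict(GRANTS)

if __name__ == "__main__":
    print(demo())
```

The point of the checked handler is that ownership is resolved from server-side records and the session, never from identifiers the client sent.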

The prospect of a Business Page being so easily accessed and altered by an outsider would very likely terrify many business owners, and rightly so. As the public face of the company, a Facebook page is where many consumers and service providers go to form their first impression. If a page is handled improperly, that impression could also be the last, as the visitor moves along to another relevant page.

Fortunately for businesses everywhere, Facebook eliminated the vulnerability within six hours after Sureshkamar submitted his report, and he earned himself a hefty bug bounty for his efforts.

For more tech news, along with tips, tricks and best practices, be sure to check back to our blog.
