Facebook SMS Spoofing

Facebook is a social networking service launched in February 2004, owned and operated by Facebook, Inc.[5] As of September 2012, Facebook has over one billion active users,[6] more than half of them using Facebook on a mobile device.[7] Users must register before using the site, after which they may create a personal profile, add other users as friends, and exchange messages, including automatic notifications when they update their profile. Additionally, users may join common-interest user groups, organized by workplace, school or college, or other characteristics, and categorize their friends into lists such as “People From Work” or “Close Friends”.

Facebook can be described as a ubiquitous deity: your parents, your friends, your coworkers, your family, your supervisor, your president, everybody uses Facebook. Cellphones, computers and portable media players are all used to interact with Facebook. Facebook has over one billion active users, more than half of them using Facebook on a mobile device, which gives this vulnerability a very wide reach. If a user has a registered device on Facebook and a capable attacker knows the user's phone number, he/she is vulnerable.

Facebook has a well-knit security system in place; the only problem is mobile ineptitude. The number 32665 is basically a code retrieval subsystem: to register a device, you are required to text the number 32665, and you are then given a generated code that you have to enter for near-end verification.

User (John Doe) | Phone Number: 0000000000

John Doe just registered his mobile device on Facebook; his number is 0000000000. The number 32665 can be used to send messages, make posts, etc. The only requirement is, of course, a registered device. Mary Ann is looking to toy with our John Doe, so she programs a nice, able-bodied SMS spoofer.

To: 32665

From: (John Doe’s #) 0000000000 (# is registered)


Solution: well-knit registration. Instead of giving all the power to 32665, there should be a more algorithm-dependent system.

Simple, huh?

My guess is, this is already fixed — I contacted Facebook weeks ago.
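One way to read the "more algorithm-dependent" fix suggested above, as an added example that is not code from the original post and not Facebook's implementation: a short-code handler that holds each command until a one-time code, sent back to the registered number, is echoed. The class, method names, command text and reply wording are hypothetical, and the sample messages are constructed.

```python
import hmac
import secrets

class ShortCodeGateway:
    """Hypothetical inbound-SMS handler for a short code such as 32665."""

    def __init__(self, registered):
        self.registered = set(registered)  # numbers with a registered device
        self.pending = {}    # sender -> (code, held command)
        self.outbox = []     # (to, text): replies reach the real handset only
        self.executed = []   # (sender, command) actually carried out

    def handle_naive(self, sender, text):
        # Behaviour described in the post: the From number alone authorises.
        if sender not in self.registered:
            return "rejected"
        self.executed.append((sender, text))
        return "executed"

    def handle_confirmed(self, sender, text):
        if sender not in self.registered:
            return "rejected"
        body = text.strip()
        held = self.pending.pop(sender, None)  # a challenge is single-use
        if held and body.isdigit():
            if hmac.compare_digest(body.encode(), held[0].encode()):
                self.executed.append((sender, held[1]))
                return "executed"
            return "rejected"  # wrong code: held command is dropped
        # New command: hold it and send a one-time code to the registered
        # number. A sender who only forged From never sees this reply.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[sender] = (code, body)
        self.outbox.append((sender, f"Reply {code} to confirm"))
        return "challenged"
```

With `handle_naive`, a message whose From field reads 0000000000 is executed immediately; with `handle_confirmed`, nothing runs until the code delivered to John Doe's actual handset comes back.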


