New settings help hackers test security for Facebook and Instagram applications more easily
Facebook recently introduced a new feature on both its web platform and mobile applications, designed to help bug bounty hunters (pentesters) more easily find possible security holes in Facebook's Messenger and Instagram applications on the Android platform.
If you don't know, Pentest (Penetration Testing) is a way of checking whether a certain IT system contains security holes or can be attacked, by carrying out simulated attacks against it. The person performing a penetration test is called a penetration tester, or pentester.
Almost all Facebook-owned applications use security mechanisms such as Certificate Pinning to ensure the integrity and security of traffic. As a result, hackers as well as security researchers find it more difficult to intercept and analyze network traffic in order to find server-side security vulnerabilities. A little more about Certificate Pinning: it is a security mechanism designed to keep application users from becoming victims of internet-based attacks, by automatically rejecting all connections originating from websites that present untrue SSL certificates.
Accordingly, this newly deployed Facebook option is named "Whitehat Settings". It allows researchers to easily bypass the Certificate Pinning security mechanism on Facebook-owned mobile applications through the following actions:
- Disable TLS 1.3 support from Facebook
- Enable proxy for platform API requests
- Use user-installed certificates
Also, according to Facebook, "choosing not to use TLS 1.3 will allow you to work with proxies like Burp or Charles - which are currently the only protocols that support TLS 1.2".
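How certificate pinning and a "use user-installed certificates" relaxation look in a generic Android app's Network Security Configuration, as an added example that is not from the original article and is not Facebook's implementation. The host `api.example.com`, the expiration date and the pin values are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (illustrative, not Facebook's configuration) -->
<network-security-config>

    <!-- Release behaviour: no cleartext traffic, trust only the system CA store.
         Weak variant to avoid: adding <certificates src="user" /> here would make
         every release build accept any CA the device owner (or malware) installs. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Pinning: a chain that validates to a trusted CA is still rejected
         unless one of its public keys hashes to a pin listed here. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain> <!-- placeholder host -->
        <pin-set expiration="2030-01-01"> <!-- constructed date; pins are not enforced after it -->
            <pin digest="SHA-256">PLACEHOLDER_BASE64_SHA256_OF_SERVER_SPKI=</pin>
            <!-- Backup pin so that a key rotation does not lock clients out. -->
            <pin digest="SHA-256">PLACEHOLDER_BASE64_SHA256_OF_BACKUP_SPKI=</pin>
        </pin-set>
    </domain-config>

    <!-- Test-only relaxation: applied only when the app is built with
         android:debuggable="true". User-installed CAs (for example an
         intercepting proxy's CA) become trusted, and inside debug-overrides
         overridePins defaults to true, so chains signed by them skip the
         pin check. Release builds ignore this element entirely. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

The file takes effect when the `<application>` element of the manifest references it with `android:networkSecurityConfig="@xml/network_security_config"`.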
Note that the Whitehat Settings option is not visible to everyone by default. Instead, researchers must enable this feature explicitly for their Android application from Facebook's web-based interface, as shown below:
"To ensure the Whitehat Settings option is fully displayed in the mobile application environment, we recommend that you log out of your account from all relevant mobile applications, close the application in use, then access the app again and log back in. The login process will allow the application to automatically fetch new profiles and install the updates you just own."
After the Whitehat Settings option is turned on, you will see a banner appear at the top of the application (Facebook, Messenger or Instagram), indicating that the network checking feature is turned on and that your traffic can be tracked.
If you want to check for security vulnerabilities that can appear in the Instagram mobile app using the newly launched Whitehat Settings, you should first link your Instagram app to the Facebook application.
In addition, it should be noted that Whitehat Settings is not a feature developed for everyone, and especially not for general users, because it essentially reduces the security of the Facebook-owned applications installed on their device.
"To ensure the security of your account, we recommend that you turn off this setting when there is no need to perform our platform check to detect a bonus vulnerability," a Facebook representative said.