New settings help hackers test security for Facebook and Instagram applications more easily
Facebook recently introduced a new feature on both its web platform and mobile applications, designed to help bounty hunters (pentesters) more easily find possible security holes in Facebook's Messenger and Instagram applications on the Android platform.
For those unfamiliar with the term, a pentest (penetration test) is a way of checking whether an IT system contains security holes or can be attacked, by simulating attacks against it. The person performing a penetration test is called a penetration tester, or pentester.
Almost all Facebook-owned applications use security mechanisms such as Certificate Pinning to ensure the integrity and security of traffic. As a result, hackers and security researchers alike find it harder to intercept and analyze network traffic in order to find server-side security vulnerabilities. Certificate Pinning is a security mechanism designed to keep application users from becoming victims of internet-based attacks by automatically rejecting all connections originating from websites that present SSL certificates that are not genuine.
Accordingly, the newly deployed option, named "Whitehat Settings", now allows researchers to easily bypass the Certificate Pinning security mechanism in Facebook-owned mobile applications through the following actions:
- Disable TLS 1.3 support from Facebook
- Enable proxy for platform API requests
- Use user-installed certificates
Facebook also notes that "choosing not to use TLS 1.3 will allow you to work with proxies like Burp or Charles - which are currently the only protocols that support TLS 1.2".
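How trust-store validation and pinning interact, and what relaxing each one changes, can be modelled in a few lines. This is an added example, not Facebook's code: the `Cert`, `Policy` and `check_connection` names, the host and CA names and the key bytes are all constructed for illustration, and signatures are not verified.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    public_key: bytes  # constructed stand-in for the DER-encoded public key

@dataclass(frozen=True)
class Policy:
    pins: frozenset               # base64 SHA-256 pins shipped inside the app
    enforce_pins: bool = True     # False models a research mode with pinning off
    trust_user_cas: bool = False  # True models "use user-installed certificates"

def pin_of(cert):
    return base64.b64encode(hashlib.sha256(cert.public_key).digest()).decode()

def check_connection(chain, system_cas, user_cas, policy):
    """Decide on a presented chain (leaf first). Signatures are not verified here."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, "broken chain"
    root = chain[-1].subject
    if root in system_cas:
        anchor = "system"
    elif policy.trust_user_cas and root in user_cas:
        anchor = "user"
    else:
        return False, "untrusted root"
    # Pinning is an extra check on top of trust-store validation.
    if policy.enforce_pins and not any(pin_of(c) in policy.pins for c in chain):
        return False, "pin mismatch"
    return True, f"ok ({anchor} CA)"

# Constructed sample data: one genuine chain and one presented by a lab proxy.
SYSTEM_CAS, USER_CAS = {"Example Public CA"}, {"Lab Proxy CA"}
GENUINE = [Cert("api.example.test", "Example Public CA", b"genuine-leaf-key"),
           Cert("Example Public CA", "Example Public CA", b"public-ca-key")]
PROXIED = [Cert("api.example.test", "Lab Proxy CA", b"proxy-leaf-key"),
           Cert("Lab Proxy CA", "Lab Proxy CA", b"proxy-ca-key")]
PINS = frozenset({pin_of(GENUINE[0])})
PRODUCTION = Policy(PINS)
USER_CA_ONLY = Policy(PINS, trust_user_cas=True)
RESEARCH = Policy(PINS, enforce_pins=False, trust_user_cas=True)

if __name__ == "__main__":
    for name, policy in [("production", PRODUCTION), ("user CA only", USER_CA_ONLY),
                         ("research", RESEARCH)]:
        print(name, check_connection(PROXIED, SYSTEM_CAS, USER_CAS, policy))
```

The middle policy shows why trusting a user-installed CA is not sufficient by itself: the proxied chain validates but still fails the pin check until pin enforcement is also switched off.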
Note that the Whitehat Settings option is not visible to everyone by default. Instead, researchers must enable this feature explicitly for their Android application from Facebook's web-based interface, as shown below:
"To ensure the Whitehat Settings option is fully displayed in the mobile application environment, we recommend that you log out of your account from all relevant mobile applications, close the application in use, then access the app again and log back in. The login process will allow the application to automatically fetch new profiles and install the updates you just own."
After the Whitehat Settings option is turned on, you will see a banner at the top of the application (Facebook, Messenger or Instagram), indicating that the network testing feature is turned on and that your traffic can be monitored.
If you want to check for security vulnerabilities that can appear in the Instagram mobile app using the newly launched Whitehat Settings, you should first link your Instagram app to the Facebook application.
In addition, it should be noted that Whitehat Settings is not a feature developed for everyone, and especially not for general users, because it essentially reduces the security of the Facebook applications installed on their device.
"To ensure the security of your account, we recommend that you turn off this setting when there is no need to perform our platform check to detect a bonus vulnerability," a Facebook representative said.