FB through mobile can be dangerous

Nov 30, 2010 - Hemant Abhishek (The Asian Age)

A method of staying connected on the go, the “Facebook over Mobile” facility has turned into “hacking over mobile”. Techies are increasingly expressing their concern over the FOM facility and claim that anyone who has activated it is in danger of identity theft. Little technical know-how and ulterior motive is all one needs to hack into a FOM user’s Facebook profile and with the help of any SMS portal, post malicious messages on it.
The excessive use of technology could also translate into more avenues for hackers and malware creators to exploit. Gunjan Piplani, media professional explains the use of FOM application, saying, “The user can update FB statuses by sending an SMS. I had subscribed it sometime back and they sent updates to my phone.” Upon subscribing to the service, a subscriber gets an SMS from Facebook every time anyone posts or comments on their page. And they can comment by replying to the same message with their comments. And this is the weak link in the service that hackers or spoofers use to break into the Facebook profile.
Popularly known as SMS spoofing, it is commonly used to play pranks, but that power can also be used to malign one’s image. Talking about the concept of SMS spoofing, Sunny Vaghela, ethical hacker and a cyber crime consultant, informs, “SMS spoofing or forging is possible because of AO-MT (application originated — mobile terminated) facility of mobile companies. There are many websites that allow a user to send an SMS using their customised sender ID. But many applications and websites are vulnerable, which allow the hacker to exploit the application and spoof the SMS as well.”
While spoofing SMSes isn’t child’s play it also isn’t impossible for a tech freak, who is hell-bent on creating nuisance, adds Sunny, and sounds warning bells by saying that anyone using Facebook mobile is susceptible to fraud. “Facebook mobile application allows people to use Facebook features using the mobile, so if a person’s number is spoofed, the hacker can exploit all features,” he adds.
However, the law provides protection for the victims in this case. If the spoofer’s Internet Protocol (IP) is traced, the culprit can be nabbed. Informs Santosh Raut, forensic expert, “If the user is able to track the IP address then it is possible to register a case\FIR in case one’s profile gets hacked.”
But the method isn’t foolproof, Santosh sums up saying, “Any IT professional can exploit this loophole easily by using a Chinese or US proxy server as then it gets almost impossible to track the culprit.”

Post new comment

<form action="/comment/reply/45145" accept-charset="UTF-8" method="post" id="comment-form"> <div><div class="form-item" id="edit-name-wrapper"> <label for="edit-name">Your name: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="60" name="name" id="edit-name" size="30" value="Reader" class="form-text required" /> </div> <div class="form-item" id="edit-mail-wrapper"> <label for="edit-mail">E-Mail Address: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="64" name="mail" id="edit-mail" size="30" value="" class="form-text required" /> <div class="description">The content of this field is kept private and will not be shown publicly.</div> </div> <div class="form-item" id="edit-comment-wrapper"> <label for="edit-comment">Comment: <span class="form-required" title="This field is required.">*</span></label> <textarea cols="60" rows="15" name="comment" id="edit-comment" class="form-textarea resizable required"></textarea> </div> <fieldset class=" collapsible collapsed"><legend>Input format</legend><div class="form-item" id="edit-format-1-wrapper"> <label class="option" for="edit-format-1"><input type="radio" id="edit-format-1" name="format" value="1" class="form-radio" /> Filtered HTML</label> <div class="description"><ul class="tips"><li>Web page addresses and e-mail addresses turn into links automatically.</li><li>Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd></li><li>Lines and paragraphs break automatically.</li></ul></div> </div> <div class="form-item" id="edit-format-2-wrapper"> <label class="option" for="edit-format-2"><input type="radio" id="edit-format-2" name="format" value="2" checked="checked" class="form-radio" /> Full HTML</label> <div class="description"><ul class="tips"><li>Web page addresses and e-mail addresses turn into links automatically.</li><li>Lines and paragraphs break automatically.</li></ul></div> </div> </fieldset> <input type="hidden" name="form_build_id" id="form-61df399a9a31b59b9ac77c4f5960e908" value="form-61df399a9a31b59b9ac77c4f5960e908" /> <input type="hidden" name="form_id" id="edit-comment-form" value="comment_form" /> <fieldset class="captcha"><legend>CAPTCHA</legend><div class="description">This question is for testing whether you are a human visitor and to prevent automated spam submissions.</div><input type="hidden" name="captcha_sid" id="edit-captcha-sid" value="82169550" /> <input type="hidden" name="captcha_response" id="edit-captcha-response" value="NLPCaptcha" /> <div class="form-item"> <div id="nlpcaptcha_ajax_api_container"><script type="text/javascript"> var NLPOptions = {key:'c4823cf77a2526b0fba265e2af75c1b5'};</script><script type="text/javascript" src="http://call.nlpcaptcha.in/js/captcha.js" ></script></div> </div> </fieldset> <span class="btn-left"><span class="btn-right"><input type="submit" name="op" id="edit-submit" value="Save" class="form-submit" /></span></span> </div></form>