Friday, September 19, 2014

Auto Likes & Their Unknown Outcomes


Socializing is become our part of life now a days. Specially if we talk about Facebook, its one of the socializing network which is gaining popularity among the users rapidly.
Well let us not beat about the bush. Now a days, we see many users in our friends list asking us to like there Display Pictures or comment/like on a specific post, which no doubt irritate us. Many groups also started organizing competition that the one who gets the highest likes/comment on the specific post will be awarded.






Now, there are 3 ways by which one can get numerous likes on his/her post. Which are disclosed below :
1 : Asking Friends
2 : Using website which provide likes/comment on the basis of LIKES FOR LIKES/ COMMENTS FOR COMMENTS etc
3 : Using websites which provide free facebook likes by utilizing your facebook TOKENS.

ACCESS TOKENS :
An access token is an opaque string that identifies a user, app, or page and can be used by the app to make graph API calls. Access tokens are obtained via a number of methods, each of which are covered later in this document. The token includes information about when the token will expire and which app generated the token. Because of privacy checks, the majority of API calls on Facebook need to include an access token.
 
Now, the above mentioned 2 out of 3 options are not harmful except of the 3rd one, yes, websites which provide likes by utilizing you Facebook Access Tokens.
How they can harm us? For this, we are going to take a website as an example .
Lets start, im taking this website as an example :

You can see, the website is offering free likes and for this they are demanding your Access Tokens, well let us move forward by providing them our Access token.

So when I clicked on “GET AN ACCESS TOKEN” , a dialogue box open of a well known website’s app named “SPOOTIFY” (It may be different for e.g HTC, Skype, Nokia etc). After allowing it, the app redirected me on their website which looks like below :

Now if you noticed, I got my ACCESS TOKEN, which is something like this :
CAAAAKLSe4lIBAGgpWz3JnH4iqo1rZCBsLanVxqLCKQii68RSB5LbmTaAVBtQqTLQeq …. And so on till the end.
I Copied it and paste the whole code in that website’s submission box
After submitting my token, it redirected to me on another page where they were showing my recent status/post and asking me to press the START button to get likes.

Well I did the same as they demanded,

Woo, within 6 minutes I got 115 likes on my post and the numbers kept on increasing.

Amazing? Yes it is, now why not check out the darker side of the same joyful story ?
Now I visited Facebook developers page in order to investigate that what I have done.
I submitted my Facebook Access Token which I got from that Auto Like website into the Facebook Developers Debugging Tool’s dialogue box in order to debug it, and I got shock when I saw the following details :






Facebook disclosed me that the app which I had recently used demanded my Access Token which give it permission from my side to have certain information who’s scope are mention above.
You can see that the website on which I used my ACCESS TOKEN have access my all notification, pages and different personal stuff. It will not be wrong If I says that the website hacked me without getting my password. On further research, I found  that they can post any status, can send any messages or can make any like to someone’s post on behalf of my automatically without letting me know.
Then I realized that how this AUTO LIKE mechanism works,  as I used the website for auto likes and gave my ACCESS TOKEN to them, the website automatically saved my ACCESS TOKEN into their database and then utilized it on liking others post when someone else uses the same website for the same reason. In such way they are increasing there likes number and accessing their user’s personal information without letting them know.

However, Even facebook can’t take action on this as it is not a loop hole in Facebook but it’s a 3rd Party Application which is exploiting those users who blindly using different apps of social world.

PREVENTION :

However, we should firstly avoid such websites from letting them exploit ourselves, but if one in any way had used such website then he/she can make their ACCESS TOKEN expired by changing their PASWWORDS.  Once the ACCESS TOKEN expired then no one can use them in any way.


On my next upcoming article, i will demonstrate that how to one can hack other facebook users by having an access to their ACCESS TOKENS 

2 comments:

  1. Ever wanted to get free Facebook Likes, YouTube Views, Google+ Circles, Twitter Followers, Instagram Followers, and also SoundCloud Plays?

    Did you know you can get all of these Likes, Followers, Views & Subscribers AUTOMATICALLY AND ABSOLUTELY FREE?

    All you need to do is register on the following Social Exchange sites, earn free points & exchange them for Followers, Subscribers, Likes or Views to your Social Accounts.
    1. Add Me Fast
    2. Like 4 Like
    3. You Like Hits

    Advertising networks that allow you to earn free advertising credits daily:
    1. MellowAds

    Use the credits to advertise your social network profiles for free.

    ReplyDelete
  2. Ever wanted to get free Facebook Followers?
    Did you know you can get these AUTOMATICALLY & ABSOLUTELY FOR FREE by registering on Like 4 Like?

    ReplyDelete