I can't remember if this is automatic now or if I set this up a while back but I get emails of login traffic sent to an email account so I can monitor anyone and where they log in from. What I noticed is that the normal IPs were there and nothing at all seemed out of place. Except for 2 of them. After doing a trace they belonged to sprint cell phones. I have one of those so I didn't think too much about it at first. So I began to play with logging in from my cell.
I got this with the Facebook app. "It looks like someone used your Facebook account to log into Facebook for Android (Thursday, April 5, 2012 at 7:37pm)."
This from cell browser. "A new unknown device logged into your Facebook account (Friday, April 6, 2012 at 7:06am) from San Jose, CA, US (IP=66.87.**.**). (Note: This location is based on information from your ISP or wireless provider.)" with a nifty little notification that stated, "An unrecognized device recently attempted to access your account, let us know if it was you." But it's the first time I've seen that before. The IP was in range for my cell that I received in the other two emails.
Taking a look at active sessions I see this shit. "Logged in from ****, **, ** and 5 other locations." I know, though, 3 of them I just did. Computer/App/Cell Browser. But then I see this. "If you notice any unfamiliar devices or locations, click 'End Activity' to end the session. This list does not currently include sessions on Facebook's mobile site (m.facebook.com)."
Here are the supposed 5 active sessions:
Last Accessed: Today at 10:08am
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 [FBAN/FB4A;FBAV/1.8.2;FBDM/{density=1.5,width=480,height=800};FBLC/en_US;FB_FW/1;FBCR/Sprint;FBPN/com.facebook.katana;FBDV/SPH-D710;FBSV/2.3.6;]
Last Accessed: Today at 10:06am
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Last Accessed: Today at 1:47am
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 [FBAN/FB4A;FBAV/1.8.2;FBDM/{density=1.5,width=480,height=800};FBLC/en_US;FB_FW/1;FBCR/Sprint;FBPN/com.facebook.katana;FBDV/SPH-D710;FBSV/2.3.6;]
Last Accessed: Yesterday at 10:37pm
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 [FBAN/FB4A;FBAV/1.8.2;FBDM/{density=1.5,width=480,height=800};FBLC/en_US;FB_FW/1;FBCR/Sprint;FBPN/com.facebook.katana;FBDV/SPH-D710;FBSV/2.3.6;]
Last Accessed: Yesterday at 10:37pm
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Session Initiated: Yesterday at 10:37pm
Application Name: Facebook for Android
So I ended them all and started over. I logged in first using the browser on my phone. I got the nifty notification again, but no email and active session did not appear. Next was the app and omg.
Last Accessed: Today at 10:41am
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 [FBAN/FB4A;FBAV/1.8.2;FBDM/{density=1.5,width=480,height=800};FBLC/en_US;FB_FW/1;FBCR/Sprint;FBPN/com.facebook.katana;FBDV/SPH-D710;FBSV/2.3.6;]
Last Accessed: Today at 10:41am
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 [FBAN/FB4A;FBAV/1.8.2;FBDM/{density=1.5,width=480,height=800};FBLC/en_US;FB_FW/1;FBCR/Sprint;FBPN/com.facebook.katana;FBDV/SPH-D710;FBSV/2.3.6;]
Last Accessed: Today at 10:40am
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Last Accessed: Today at 10:40am
Location: San Jose, CA, US (Approximate)
Device Type: Unknown
Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Wtf...?
Now I'm just confused. I closed both 10:41 sessions to be safe and the app still works. I thought at first I was victim to something in the same family of Firesheep. Now I'm not sure if that was the case or my phone is bugged. If you guys/girls are still with me here, part question, part discussion. What the hell is going on? / Session hacking cell phones.
Go.
(and thanks)
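
Added example, not part of the original post: a Python parser for the user-agent strings in the session lists above that groups sessions by device and client, so a session from a different device fingerprint stands out. Reading FBAN/FBAV as app name/version and FBDV/FBSV as device model/OS version is an assumption based on the values shown; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: the two distinct user-agent strings from the session lists above.
BROWSER_UA = ("Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SPH-D710 Build/GINGERBREAD) "
              "AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1")
APP_UA = BROWSER_UA + (" [FBAN/FB4A;FBAV/1.8.2;FBDM/{density=1.5,width=480,height=800};"
                       "FBLC/en_US;FB_FW/1;FBCR/Sprint;FBPN/com.facebook.katana;"
                       "FBDV/SPH-D710;FBSV/2.3.6;]")
# Second list in the post (after ending all sessions): two app UAs, two browser-style UAs.
SESSIONS = [APP_UA, APP_UA, BROWSER_UA, BROWSER_UA]

PLATFORM_RE = re.compile(r"\(Linux; U; Android ([\d.]+); [\w-]+; (\S+) Build/")
FB_BLOCK_RE = re.compile(r"\[(FB[^\]]*)\]\s*$")

def parse_ua(ua):
    """Return OS version, device model and any bracketed FB tokens from one UA string."""
    info = {"os_version": None, "model": None, "fb": {}}
    m = PLATFORM_RE.search(ua)
    if m:
        info["os_version"], info["model"] = m.group(1), m.group(2)
    block = FB_BLOCK_RE.search(ua)
    if block:
        # Tokens are KEY/VALUE pairs separated by ';'; split each on its first '/'.
        for token in filter(None, block.group(1).split(";")):
            key, _, value = token.partition("/")
            info["fb"][key] = value
    return info

def summarize(sessions):
    """Count sessions per (model, os_version, client); list indexes with mismatched tokens."""
    groups, mismatches = Counter(), []
    for i, ua in enumerate(sessions):
        info = parse_ua(ua)
        fb = info["fb"]
        client = f"app {fb['FBAN']} {fb.get('FBAV', '?')}" if "FBAN" in fb else "browser-style UA"
        groups[(info["model"], info["os_version"], client)] += 1
        # The app tokens repeat device and OS; disagreement with the platform part is worth a look.
        if fb and (fb.get("FBDV") != info["model"] or fb.get("FBSV") != info["os_version"]):
            mismatches.append(i)
    devices = {(model, os_v) for model, os_v, _ in groups}
    return groups, devices, mismatches

if __name__ == "__main__":
    groups, devices, mismatches = summarize(SESSIONS)
    for key, count in groups.items():
        print(count, key)
    print("distinct devices:", len(devices), "mismatched sessions:", mismatches)
```

A user-agent string is supplied by the client, so a matching fingerprint does not prove a session came from the same handset; the grouping only shows whether the list contains a fingerprint that differs from the known one.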

