Is there a list of Facebook code numbers to send auth tokens?
Up to a few days ago, I always received Facebook auth tokens from numbers +181338477XX, except a few times from +85294985XXX.
Problem is that lately I've been receiving codes directly from Italian numbers, which wouldn't be strange since I'm located in Italy, but there are two odd things:
1. they are much, much slower than before, i.e. they may easily take 2~15 minutes, while before they were instant
2. they are badly formatted, not exactly with spelling mistakes like the typical phishing mail, but oddly they add random characters in the text (examples follow)
Regular message: Il tuo codice di sicurezza di Facebook: XXXXXX
Odd messages:
+393460286641 Il,tuo codice'di sicurezza di Facebook: XXXXXX
+393774919485 Il tuo codice di,sicurezza_di Facebook: XXXXXX'
+393428446457 Il tuo codice,di sicurezza di Facebook: XXXXXX,
+393385643500 Il tuo codice di sicurezza_di Facebook: XXXXXX.
+393806332520 Il,tuo codice,di sicurezza di Facebook: XXXXXX
Some new SMS:
+393455720151 Usa 033985 come password per Facebook Messenger for.Android.
+393402647316 Usa 033985 com password per Facebook Messenger for Android._
+393456388686 Usa 808589 com password per Facebook for Android.'
+393484224323 Usa 808589 com password perFacebook for.Android.
(these are different because it's not the web login but the Android app logins, but still weird characters appear)
I have two phone numbers bound to that FB account. Previously I logged only the messages of one of those phones. Now that I am logging them on both phones instead, it is interesting to notice how even the "same" message was corrupted in different ways.
The first odd thing is those random characters (so far: comma, apostrophe, underscore, period), either between two words or at the end of the string, and the second odd thing is that the phone numbers are always totally different, while before they were using only two "main" numbers, with many "sub" numbers (pardon the made-up terms).
I'm totally clueless about who could do such a thing as hijacking SMSs, why they would corrupt the messages this way, and why they would do that and not use it: i.e. looking at the logins, authorised devices, etc., there wasn't anything unusual.
A final oddity happened the first time we received such a message: there are two phones bound for these auth tokens, and only one of them received the strange message, while the other one received the correct one (both were delayed, though).
The SMS vulnerability reported for the Facebook code number was something else as far as I saw: it uses Facebook's response to unregistered numbers to receive an unused confirmation code to reset the password of other users...
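As an added illustration (not part of the question or of any answer), the following Python script does mechanically what the question does by eye: it aligns each received SMS against the message shapes the question reports as normal, lists the stray characters that were inserted and the characters that went missing, and flags senders outside the numbers the codes used to come from. The templates are reconstructed from the question's samples (the word "come" in the Android variant is assumed to be the intended spelling), the sender allowlist is an assumption built from the two prefixes the question mentions, and the similarity threshold is an arbitrary choice for this example; the sample messages are copied from the question, with a constructed code 123456 in place of XXXXXX.

```python
import difflib
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Message shapes the question reports as the normal ones; {code} is the
# 6-digit one-time code. The Android variants are reconstructed from the
# question's samples (assumption: "come" is the intended word).
TEMPLATES = (
    "Il tuo codice di sicurezza di Facebook: {code}",
    "Usa {code} come password per Facebook for Android.",
    "Usa {code} come password per Facebook Messenger for Android.",
)

# Prefixes of the senders the codes used to come from, per the question.
# Treating them as an allowlist is an assumption made for this example.
KNOWN_SENDER_PREFIXES = ("+181338477", "+85294985")

# Similarity (0..1) of letter/digit skeletons below which we do not try to
# align the message against a template at all (arbitrary choice).
MATCH_THRESHOLD = 0.9


@dataclass
class SmsCheck:
    sender: str
    code: Optional[str]
    template: Optional[str]
    inserted: List[str] = field(default_factory=list)  # stray chars in the message
    missing: List[str] = field(default_factory=list)   # template chars the message lacks
    sender_known: bool = False

    @property
    def suspicious(self) -> bool:
        # Anything that deviates from the known sender + exact template is flagged.
        return (not self.sender_known or self.template is None
                or bool(self.inserted) or bool(self.missing))


def _skeleton(text: str) -> str:
    """Lowercase letters and digits only, used to pick the closest template."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_sms(sender: str, text: str) -> SmsCheck:
    m = re.search(r"\d{6}", text)
    result = SmsCheck(sender=sender, code=m.group(0) if m else None, template=None,
                      sender_known=sender.startswith(KNOWN_SENDER_PREFIXES))
    if result.code is None:
        return result  # no code at all: nothing to align against

    # Choose the template whose letter/digit skeleton is closest to the message.
    best, best_ratio = None, 0.0
    for tpl in TEMPLATES:
        expected = tpl.format(code=result.code)
        ratio = difflib.SequenceMatcher(None, _skeleton(expected), _skeleton(text)).ratio()
        if ratio > best_ratio:
            best, best_ratio = expected, ratio
    if best is None or best_ratio < MATCH_THRESHOLD:
        return result  # nothing resembles a known template

    result.template = best
    # Character-level alignment of the raw message against the expected text:
    # 'insert'/'replace' chars come from the message, 'delete'/'replace' from the template.
    sm = difflib.SequenceMatcher(None, best, text, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag in ("insert", "replace"):
            result.inserted.extend(text[j1:j2])
        if tag in ("delete", "replace"):
            result.missing.extend(best[i1:i2])
    return result


def flag_suspicious(messages) -> List[SmsCheck]:
    """Run the check over (sender, text) pairs and keep only the flagged ones."""
    return [r for r in (check_sms(s, t) for s, t in messages) if r.suspicious]


# Sample input copied from the question (code 123456 substituted for XXXXXX).
SAMPLE_MESSAGES = [
    ("+18133847700", "Il tuo codice di sicurezza di Facebook: 123456"),
    ("+393460286641", "Il,tuo codice'di sicurezza di Facebook: 123456"),
    ("+393774919485", "Il tuo codice di,sicurezza_di Facebook: 123456'"),
    ("+393484224323", "Usa 808589 com password perFacebook for.Android."),
]

if __name__ == "__main__":
    for r in flag_suspicious(SAMPLE_MESSAGES):
        print(f"{r.sender}: known_sender={r.sender_known} inserted={r.inserted!r} "
              f"missing={r.missing!r}")
```

Run on the question's own samples, the first message (known sender prefix, exact template) is not flagged, while the Italian ones are flagged for the unknown sender and for the extra comma, apostrophe, underscore or period, with the missing space or missing "e" of "come" reported separately. Keeping an allowlist of legitimate code senders and a small set of expected message templates is the practical takeaway: deviations on either axis are worth a look at the account's active sessions, as the question already did.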
If you are using an Android device, I strongly suggest you check your mobile for any malicious applications. While I was doing some research on mobile security, I came across some applications that could steal information from devices. This happens when you install applications from third-party sites other than Google Play. Some of them are so strong that they are even capable of updating themselves while an upgrade of the OS is made (e.g. JB-KitKat). I am not sure about the possibility of MITM, because who in the hell wants to intercept a response code and add weirdness to the message? And even if someone is intercepting you, they won't just send those messages to you because, from my belief, once a token is used it expires, so if they use it, you won't be able to use it.
- My opinion is that every now and then FB makes roll-outs and tries new features. They might have tried some kind of localization on the SMS/login-token features.
- If only one of your phone numbers has this problem, you may also have to consider the possibility of a fault from the service provider.