Meta’s AI allowed to steal user accounts using only the name

A vulnerability in the artificial intelligence Meta AI allowed attackers to take full control of someone else’s Instagram accounts without authorization, even if they had previously activated two-factor authentication. According to specialized publications, among the confirmed victims was the official archive account of the White House during the presidency of Barack Obama.

The identified security breach in Meta AI allowed third parties to intercept control of other people’s pages. The error was inside the functionality of the intelligent chatbot, which is intended for automated administration. According to security researchers and the Neowin profile publication, the bug has been actively used for several months.

Security bypass scheme

Implementation of the attack did not require complex tools or technical knowledge. The hacking process through AI was built as follows:

• The attacker ran a geo-located VPN in the same country or region where the owner of the target Instagram profile is physically located.
• The hacker then sent a message to the Meta AI chatbot asking it to link a new email address to the desired account by simply providing a valid username.
• After receiving this command, the AI ​​assistant Meta AI automatically generated and sent a direct password reset link to the attacker’s email, completely bypassing the additional owner verification step.

Hacking the White House and expert profiles

Using this critical bug, unknown attackers managed to take control of the official account of the White House during the presidency of Barack Obama. New posts on this page have not appeared since the day of the first inauguration of Donald Trump (January 20, 2017). However, after an unauthorized entry, the burglars placed a picture on it with the inscription: “The White House is under Shiites’ control”. Other notable victims include reverse engineering specialist and popular mobile services researcher Jane Manchun Wong (@wongmjane).

Features of the Meta AI system and causes of vulnerability

The developers at Meta are initially positioning the AI ​​assistant as a centralized tool that works 24/7 in the Facebook and Instagram apps. The tool can independently perform various administrative actions directly within the social network ecosystem at the request of users. In the US and Canada, the company has opened similar technical support options even for unauthorized accounts. An additional problem was that the feature was tested in a limited mode (A/B testing), so users in the test group did not have the tools to disable it themselves.

Currently, Meta specialists have eliminated the dangerous flaw without making loud public statements. It is reported that the exploit has been successfully used for a long time. The number of potentially affected profiles can number in the thousands. Evidence of the scale of the problem was numerous complaints from ordinary users who regularly received unexpected system requests to forcibly change the set password, which they did not request.