Click to Skip Ad
Closing in...
  1. Mattress Topper Amazon
    14:44 Deals

    33,000 Amazon shoppers say this mattress topper deserves 5 stars – today it’s…

  2. Amazon Deals
    10:42 Deals

    Today’s best deals: Free $25 from Amazon, $600 projector for $230, $8 wireless charg…

  3. Prime Day Deals
    10:03 Deals

    Prime Day starts Monday – but these amazing Prime Day deals start now

  4. Best Smart Home Devices 2021
    08:45 Deals

    10 smart home devices on Amazon you’ll wonder how you ever lived without

  5. Prime Day Deals
    09:43 Deals

    These early Prime Day deals have prices so low, it’s like Amazon made a mistake




Security hole in Facebook and Dropbox apps leave iOS users vulnerable [updated]

Dan Graziano
April 6th, 2012 at 1:15 PM

U.K.-based Android and iOS app developer Gareth Wright recently discovered a security hole in Facebook’s native mobile apps that can be used to steal a user’s personal information. Facebook’s Android and iOS apps do not encrypt login credentials, instead storing them in plain text files and allowing the information to be easily accessed and transferred over a USB connection, or more likely, through a malicious app. Wright explained in a blog post that Facebook’s plist file, or property list file containing personal data, is stored insecurely and not set to expire for 2,000 years. Once a plist file is copied to another device, one can simply open the normal Facebook app and will automatically be logged in the user’s account. Wright’s claims were confirmed by TheNextWeb, which also discovered that Dropbox’s iOS app includes the same security hole. The vulnerabilities do not require a device to be jailbroken or rooted, and exploits can be performed with a simple file explorer.

Update: Dropbox reached out to BGR regarding the issue, the company’s statement can be found after the break. 

“Dropbox’s Android app is not impacted because it stores access tokens in a protected location,” the company said. “We are currently updating our iOS app to do the same. We note that the attack in question requires a malicious actor to have physical access to a user’s device. In a situation like that, a user is susceptible to all sorts of threats, so we strongly advise safeguarding devices.”

Read [Gareth Wright’s blog] Read [TheNextWeb]




Popular News