Click to Skip Ad
Closing in...
  1. Amazon Deals
    07:58 Deals

    10 deals you don’t want to miss on Saturday: $5 Alexa smart plugs, $110 electric sta…

  2. Amazon Deals
    07:59 Deals

    10 deals you don’t want to miss on Sunday: Rare Nest Thermostat sale, Alexa in your…

  3. Amazon Gift Card Promotion
    14:41 Deals

    Amazon’s giving away $15 credits, but this is your last chance to get one

  4. Self-Emptying Robot Vacuum
    16:11 Deals

    Amazon coupon slashes our favorite self-emptying robot vacuum to its lowest price ever

  5. Apple Watch Series 6 Amazon
    14:59 Deals

    Apple Watch Series 6 is $100 off in this surprise Amazon sale

Security hole in Facebook and Dropbox apps leave iOS users vulnerable [updated]

Dan Graziano
April 6th, 2012 at 1:15 PM

U.K.-based Android and iOS app developer Gareth Wright recently discovered a security hole in Facebook’s native mobile apps that can be used to steal a user’s personal information. Facebook’s Android and iOS apps do not encrypt login credentials, instead storing them in plain text files and allowing the information to be easily accessed and transferred over a USB connection, or more likely, through a malicious app. Wright explained in a blog post that Facebook’s plist file, or property list file containing personal data, is stored insecurely and not set to expire for 2,000 years. Once a plist file is copied to another device, one can simply open the normal Facebook app and will automatically be logged in the user’s account. Wright’s claims were confirmed by TheNextWeb, which also discovered that Dropbox’s iOS app includes the same security hole. The vulnerabilities do not require a device to be jailbroken or rooted, and exploits can be performed with a simple file explorer.

Update: Dropbox reached out to BGR regarding the issue, the company’s statement can be found after the break. 

“Dropbox’s Android app is not impacted because it stores access tokens in a protected location,” the company said. “We are currently updating our iOS app to do the same. We note that the attack in question requires a malicious actor to have physical access to a user’s device. In a situation like that, a user is susceptible to all sorts of threats, so we strongly advise safeguarding devices.”

Read [Gareth Wright’s blog] Read [TheNextWeb]

Popular News