Click to Skip Ad
Closing in...
  1. Amazon Kitchen Gadgets
    08:08 Deals

    This $20 Amazon kitchen gadget went viral on TikTok, and it’s mesmerizing

  2. Best Camera Drone Deal
    08:45 Deals

    Amazon’s best camera drone deal is a 2K drone that folds up as small as an iPhone fo…

  3. Disney Plus Subscription Price
    13:22 Deals

    Disney Plus subscription price is free for 6 months from Amazon

  4. Amazon Deals
    09:57 Deals

    Today’s top deals: Exclusive deals for Prime members only, $6 car detailing tool, $2…

  5. Amazon Best Sleep Aid
    10:44 Deals

    Amazon’s best sleep aid is a $16 product that works 20x better than anything else

Security hole in Facebook and Dropbox apps leave iOS users vulnerable [updated]

Dan Graziano
April 6th, 2012 at 1:15 PM

U.K.-based Android and iOS app developer Gareth Wright recently discovered a security hole in Facebook’s native mobile apps that can be used to steal a user’s personal information. Facebook’s Android and iOS apps do not encrypt login credentials, instead storing them in plain text files and allowing the information to be easily accessed and transferred over a USB connection, or more likely, through a malicious app. Wright explained in a blog post that Facebook’s plist file, or property list file containing personal data, is stored insecurely and not set to expire for 2,000 years. Once a plist file is copied to another device, one can simply open the normal Facebook app and will automatically be logged in the user’s account. Wright’s claims were confirmed by TheNextWeb, which also discovered that Dropbox’s iOS app includes the same security hole. The vulnerabilities do not require a device to be jailbroken or rooted, and exploits can be performed with a simple file explorer.

Update: Dropbox reached out to BGR regarding the issue, the company’s statement can be found after the break. 

“Dropbox’s Android app is not impacted because it stores access tokens in a protected location,” the company said. “We are currently updating our iOS app to do the same. We note that the attack in question requires a malicious actor to have physical access to a user’s device. In a situation like that, a user is susceptible to all sorts of threats, so we strongly advise safeguarding devices.”

Read [Gareth Wright’s blog] Read [TheNextWeb]

Popular News