Jump to content


Security hole exposes Android, iOS to Facebook identity theft

  • Please log in to reply
No replies to this topic

#1 TheSentinel


    The man in the dark

  • General Admin
  • 30,402 posts

Posted 06 April 2012 - 01:17 PM

Security hole exposes Android, iOS to Facebook identity theft

By Emil Protalinski | April 5, 2012, 10:39am PDT

Summary: A new security vulnerability discovered in Facebook for Android and Facebook for iOS means your Facebook identity can be stolen if you use an Android phone, Android tablet, iPhone, and/or iPad.

Update: Facebook: Android, iOS security hole only for jailbroken devices at http://www.zdnet.com...n-devices/11369

Gareth Wright, a U.K.-based app developer for Android and iOS, has discovered a security hole in Facebook?s native mobile apps that he says can be used to steal personal information about you. The problem is that Facebook?s apps for the two platforms do not encrypt your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps.

Wright detailed the issue in a blog post titled ?Facebook Mobile Security Hole allows Identity theft.? He explained that all a hacker needs is to grab your Facebook plist file (.plist is the extension used for a property list file, often used to store a user?s settings), which Facebook reportedly sets not to expire for another 2,000 years.

From there, he or she can back up his or her own plist, log out of Facebook, and copy yours to his or her device. When the Facebook app is opened, the hacker is logged into Facebook as you. He or she has complete access to your account. If that?s not bad enough, this also means the hacker can log into other apps on his or her device that require a Facebook login.

Detailed information: http://www.zdnet.com...ity-theft/11356