Tech content trusted by users in North America and around the world
6,803 Reviews & Articles | 46,997 News Posts
Make us an awesome TweakTown wallpaper, win a Corsair Hydro H110i GT

WARNING: Facebook Mobile for iOS and Android allows easy access to your login information

A Facebook security hole on iOS and Android could allow your Facebook to be hacked.
| Hacking & Security News | Posted: Apr 5, 2012 9:29 pm

Once again, I get to be the bearer of bad news just to keep you, our reader, safe. Facebook's Mobile app for iOS and Android store your login information in a plaintext file that doesn't expire until the year 4001. The Facebook .plist file where your login data is stored could easily be swiped by a USB connection or via malicious apps.




Gareth Wright, a U.K.-based app developer for Android and iOS, is the discoverer of this bug. He discovered it after poking around in the application directories using the free tool iexplorer. He first found a plaintext Facebook Access token that was stored by DrawSomething and was able to query all of his data.


He then took a look at Facebook's directory where he found the .plist in question. He passed this file over to his friend and fellow blogger who, in the next few minutes, started posting status updates, sending private messages, and even liking websites. In other words, he had full control over the account.


Facebook is currently working on a fix, but there is no ETA. Additionally, other apps who use Facebook Access Tokens need to encrypt those as well. This is just another reason to be careful when selecting apps or plugging your device into a shared PC. Getting Facebook "jacked" just became real.


Related Tags

Got an opinion on this news? Post a comment below!
Subscribe to our Newsletter

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases