TweakTown
Tech content trusted by users in North America and around the world
6,135 Reviews & Articles | 39,417 News Posts

WARNING: Facebook Mobile for iOS and Android allows easy access to your login information

A Facebook security hole on iOS and Android could allow your Facebook to be hacked.

| Hacking & Security News | Posted: Apr 5, 2012 9:29 pm

Once again, I get to be the bearer of bad news just to keep you, our reader, safe. Facebook's Mobile app for iOS and Android store your login information in a plaintext file that doesn't expire until the year 4001. The Facebook .plist file where your login data is stored could easily be swiped by a USB connection or via malicious apps.

 

TweakTown image news/2/3/23413_14_warning_facebook_mobile_for_ios_and_android_allows_easy_access_to_your_login_information.png

 

Gareth Wright, a U.K.-based app developer for Android and iOS, is the discoverer of this bug. He discovered it after poking around in the application directories using the free tool iexplorer. He first found a plaintext Facebook Access token that was stored by DrawSomething and was able to query all of his data.

 

He then took a look at Facebook's directory where he found the .plist in question. He passed this file over to his friend and fellow blogger who, in the next few minutes, started posting status updates, sending private messages, and even liking websites. In other words, he had full control over the account.

 

Facebook is currently working on a fix, but there is no ETA. Additionally, other apps who use Facebook Access Tokens need to encrypt those as well. This is just another reason to be careful when selecting apps or plugging your device into a shared PC. Getting Facebook "jacked" just became real.

NEWS SOURCES:Zdnet.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases