Security hole in Facebook and Dropbox apps leave iOS users vulnerable

<center><a href="http://www.bgr.com/2012/04/06/security-hole-in-facebook-and-dropbox-apps-leave-ios-users-vulnerable"><img class="size-full wp-image-128063 aligncenter" title="hackers-hacking-hacks" src="http://www-bgr-com.vimg.net/wp-content/uploads/2012/02/hackers-hacking-hacks.jpeg" alt="" width="652" height="490" /></a></center>

U.K.-based Android and iOS app developer Gareth Wright recently discovered a security hole in Facebook’s native mobile apps that can be used to steal a user’s personal information. Facebook’s Android and iOS apps do not encrypt login credentials, instead storing them in plain text files and allowing the information to be easily accessed and transferred over a USB connection, or more likely, through a malicious app. Wright explained in a blog post that Facebook’s <em>plist</em> file, or property list file containing personal data, is stored insecurely and not set to expire for 2,000 years. Once a <em>plist</em> file is copied to another device, one can simply open the normal Facebook app and will automatically be logged in the user’s account. Wright’s claims were confirmed by <em>TheNextWeb</em>, which also discovered that Dropbox’s iOS app includes the same security hole. The vulnerabilities do not require a device to be jailbroken or rooted, and exploits can be performed with a simple file explorer.<span id="more-134779"></span>

<a href="http://garethwright.com/blog/facebook-mobile-security-hole-allows-identity-theft">Read</a> [Gareth Wright's blog] <a href="http://thenextweb.com/mobile/2012/04/06/security-hole-in-facebook-ios-app-doesnt-require-jailbreak-or-theft-and-dropbox-has-it-too/">Read</a> [TheNextWeb]

<img src="http://feeds.feedburner.com/~r/TheBoyGeniusReport/~4/WPb83bE-iF8" height="1" width="1"/>

Via BRG - Boy Genius Report