New Security Hole In Facebook App Could Lead To Hacking Your Account [Warning]

by Abdelrahman Mohamed on April 6, 2012

We all know that one of the first things you do is install social apps like Twitter, Facebook, eBuddy or others on your iPhone, and a large number of people use the Facebook iOS app for chatting and checking messages, notifications and so on. But the news we have is not good for Apple users who use the Facebook iOS app, because your Facebook account could be hacked.

Gareth Wright, a new and well-known security researcher whose job is looking after Internet and account privacy and protecting it from hacking or theft, published a blog post today that caused a large stir, and many questions have now begun to appear.

Almost all the questions were about how iOS developers handle saved values such as logins. It seems that some apps are saving this data in plain, unencrypted text files…

According to the report, using the free tool iExplorer (previously iPhone Explorer) and a non-jailbroken iPhone, Wright was able to pull all kinds of account information from apps like Facebook and Draw Something, which was stored in unencrypted plist files.
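A developer-side check for the storage problem described above, as an added example that is not part of the original post or Wright's tooling: it parses every plist under a copy of your own app's data directory and flags keys that look like stored credentials. The key-name pattern, the `com.example.*` file names and the sample values are assumptions constructed for the demo.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# Assumed heuristic: key names that suggest a stored credential. Tune per app.
SECRET_KEY_RE = re.compile(r"oauth|token|secret|passw|session|api_?key", re.I)

def find_secrets(node, path=""):
    """Return key paths in a parsed plist whose names look like credentials."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if SECRET_KEY_RE.search(str(key)) and isinstance(value, (str, bytes)) and value:
                hits.append(here)
            hits.extend(find_secrets(value, here))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_secrets(value, f"{path}[{i}]"))
    return hits

def audit_plists(root):
    """Parse every .plist under root (XML or binary); map file -> flagged keys."""
    report = {}
    for plist_path in sorted(Path(root).rglob("*.plist")):
        try:
            with open(plist_path, "rb") as fh:
                data = plistlib.load(fh)
        except Exception:  # unreadable or malformed plist: skip, keep scanning
            continue
        hits = find_secrets(data)
        if hits:
            report[plist_path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Audit a constructed app sandbox: one plist with secrets, one without."""
    with tempfile.TemporaryDirectory() as tmp:
        prefs = Path(tmp, "Library", "Preferences")
        prefs.mkdir(parents=True)
        bad = {"user": "alice", "auth": {"oauth_key": "EXAMPLE-KEY", "oauth_secret": "EXAMPLE-SECRET"}}
        ok = {"theme": "dark", "launchCount": 7}
        (prefs / "com.example.app.plist").write_bytes(plistlib.dumps(bad, fmt=plistlib.FMT_BINARY))
        (prefs / "com.example.ui.plist").write_bytes(plistlib.dumps(ok))
        return audit_plists(tmp)

if __name__ == "__main__":
    for name, keys in demo().items():
        print(name, keys)
```

Any key this flags holds a value that belongs in the iOS Keychain rather than in a preferences file.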

Here’s the report:

“Popping into the Facebook application directory I quickly discovered a whole bunch of cached images and the com.Facebook.plist. What was contained within was shocking. Not an access token but full oAuth key and secret in plain text…

…Quick export and call to my good friend and local blogger Scoopz and I sent over my plist for him to try out. After backing up his own plist and logging out of Facebook he copied mine over to his device and opened the Facebook app.

My jaw dropped as over the next few minutes I watched posts appear on my wall, private messages sent, webpages liked and applications added.

Scoopz then opened Draw Something on his iPad which logged him straight into my account where he sent some pictures back to my friends.”

So what should you do now that you know about this critical issue? My advice is to stay away from the Facebook iOS app: open Facebook from Safari or from a computer instead, because through the iOS app you may get hacked and lose all of your information. You know the rest of the story.

[Via iDB]
