Security Hole Found in Facebook App For Android and iOs

1
According to a Developer Gareth Wright there is a flaw in Facebook App for Android and iOs. Both versions of the app encrypts users’ personal information, which makes it easy to steal identity for hackers. According to PC World’s report, all it would take to exploit the unencrypted data is “a rogue application” or “two minutes with a USB cable.” Facebook has responded that this issue only applies to compromised or jailbroken devices.

“Facebook’s iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device,” a Facebook spokesperson said in a statement. “We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.”

Wright mentioned that he contacted Facebook regarding the issue and has apparently received word that a fix is in the works.

Source: Wright Blog
Via: PCWorld
Follow Us on our Channels:
  • Gunigugu

    “Both versions of the app encrypts users’ personal information, which makes it easy to steal identity for hackers.” 

    There’s something missing in that sentence…