Jailbroken iOS Devices And Rooted Android Devices Affected By A Newly Discovered Facebook Vulnerability
A new security hole has been found in Facebook’s native mobile applications, as reported by ZDNet, that allows hackers to steal personal information from you. This security hole was discovered by an app developer who goes by the name of Gareth Wright, and affects both Android and iOS smartphones. The problem stems from Facebook not encrypting your login credentials, and storing them in a plain text file.
Because both Google and Apple restrict access to the filesystem of their smartphones, this is not a problem for those who do not modify the operating system. If you have a jailbroken or rooted device, however, hackers can exploit this vulnerability and steal personal information from you.
This is the official statement from Facebook on the matter:
Facebook’s iOS and Android applications are only intended for use with the manufacturer provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device. We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.
For those who are wondering why Facebook doesn’t just use authentication tokens for storing your login information, apparently it wouldn’t do much good because there would need to be a key stored on your device to decrypt them. The only viable solution would be to force users to log in every time they launch the Facebook application, but this could become tedious.
What are your thoughts on this security vulnerability on Jailbroken/Rooted devices? Does this worry you? Share your responses in the comments section below…