Mobile users' Facebook identity at risk

April 5, 2012 at 6:52 PM

SAN FRANCISCO, April 5 (UPI) -- The Facebook identity of users of Android phones and tablets and iPhones and iPads can be stolen because of a security vulnerability, a British researcher says.

Gareth Wright, an app developer for Android and iOS, has found a security hole in Facebook's native mobile apps that can be used to steal personal information about a user, ZDNet.com reported Thursday.

The problem, Wright said, is that Facebook login credentials for Android or iOS platforms are not encrypted, meaning they can be easily taken from a USB connection or, more likely, through malicious apps.

All a hacker needs is to obtain your Facebook plist file -- a property list file, often used to store a user's settings -- then copy the file to his own device, Wright said.

When the Facebook app is opened, the hacker is logged into Facebook as the user whose file's he's stolen, with complete access to the user's account.

"Facebook are aware and working on closing the hole, but unless app developers follow suit and start encrypting the 60-day access token Facebook supplies, it's only a matter of time before someone starts using the info for ill purpose … if they aren't already," Wright said.

Related UPI Stories
Latest Headlines
Trending Stories
New evidence suggests Earth is product of two-planet collision
The physics of pancakes informs glaucoma treatments
New species of fluorescent polyps light up gastropod shells
Expedition finds lost lion population in Ethiopia
Scientists identify butterfly-like insect from the Jurassic age