Mobile users' Facebook identity at risk

April 5, 2012 at 6:52 PM   |   Comments

SAN FRANCISCO, April 5 (UPI) -- The Facebook identity of users of Android phones and tablets and iPhones and iPads can be stolen because of a security vulnerability, a British researcher says.

Gareth Wright, an app developer for Android and iOS, has found a security hole in Facebook's native mobile apps that can be used to steal personal information about a user, ZDNet.com reported Thursday.

The problem, Wright said, is that Facebook login credentials for Android or iOS platforms are not encrypted, meaning they can be easily taken from a USB connection or, more likely, through malicious apps.

All a hacker needs is to obtain your Facebook plist file -- a property list file, often used to store a user's settings -- then copy the file to his own device, Wright said.

When the Facebook app is opened, the hacker is logged into Facebook as the user whose file's he's stolen, with complete access to the user's account.

"Facebook are aware and working on closing the hole, but unless app developers follow suit and start encrypting the 60-day access token Facebook supplies, it's only a matter of time before someone starts using the info for ill purpose … if they aren't already," Wright said.

© 2012 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Recommended UPI Stories
Featured UPI Collection
2014: The Year in Music [PHOTOS]

2014: The Year in Music [PHOTOS]

Most Popular
Mars rover spots rock shaped like thigh bone
Tech industry All Stars developing 'Star Trek'-style communication badges
Latvia boasts world's first net for migrating bats
Parched land in the drought-riddled West is actually rising
Neanderthals and humans interacted for thousands of years
Trending News