Mobile users' Facebook identity at risk

April 5, 2012 at 6:52 PM
share with facebook
share with twitter

SAN FRANCISCO, April 5 (UPI) -- The Facebook identity of users of Android phones and tablets and iPhones and iPads can be stolen because of a security vulnerability, a British researcher says.

Gareth Wright, an app developer for Android and iOS, has found a security hole in Facebook's native mobile apps that can be used to steal personal information about a user, reported Thursday.

The problem, Wright said, is that Facebook login credentials for Android or iOS platforms are not encrypted, meaning they can be easily taken from a USB connection or, more likely, through malicious apps.

All a hacker needs is to obtain your Facebook plist file -- a property list file, often used to store a user's settings -- then copy the file to his own device, Wright said.

When the Facebook app is opened, the hacker is logged into Facebook as the user whose file's he's stolen, with complete access to the user's account.

"Facebook are aware and working on closing the hole, but unless app developers follow suit and start encrypting the 60-day access token Facebook supplies, it's only a matter of time before someone starts using the info for ill purpose … if they aren't already," Wright said.

Related UPI Stories
Trending Stories