Security Hole Discovered In Dropbox and Facebook iOS/Android Apps

Posted Apr 6, 2012

Security researcher Gareth Wright has discovered a hole in the Facebook app on iOS and Android devices. The hack allows anyone to copy a plain text file off the device and onto another one, which would give another user access to your Facebook account. Dropbox has the same vulnerability.

Facebook responded by saying:

Facebook's iOS and Android applications are only intended for use with the manufacturer provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device.

We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device.

However, The Next Web discovered that the vulnerability is not limited to people who have jailbroken phones. With the software tool iExplore, a Facebook account could be hacked into without the phone being jailbroken. It is true that someone using iExplore would count as a malicious actor with access to the physical device.

However, the only ways you would be vulnerable are if someone steals your device or if you leave it charging at a public station. Also, if you have a nerdy friend who is known for pranks, do not let them charge your phone on their computer.