News by Dan Seifert on Thursday April 05, 2012.
A mobile app developer has discovered a security flaw in the Facebook apps for iOS and Android. The flaw stems from the fact that Facebook does not encrypt users' login credentials, potentially giving attackers access to that information if they get the opportunity.
Attackers who have access to a user's phone could identify the user's Facebook login and password through a USB connection or a specially programmed app. The problem is magnified by apps or games that use Facebook's login information to link a user's account to their services. Many apps use the same login token that Facebook stores unencrypted in plain-text files.
It doesn't seem that the token actually spells out the email and password that the user logs in to Facebook with, which is a good thing. Rather, it just gives the attacker access to the user's account, allowing them to post messages, add friends, and cause other havoc. Gareth Wright, the developer who discovered the flaw, says that he has contacted Facebook about the issue and received word that a fix is being sorted out. [via PC World]