Potential Security Threat Revealed in Facebook for iOS, Android


When we save our login information to an online service within a mobile app, we trust that the app is going to manage our data securely. Even when intentions are good, a serious enough oversight could lead to us losing control of our accounts as hackers take possession of our login credentials. Facebook is facing such a problem now, with the revelation of flaws in its credential management on iOS and Android that could give hackers access to your account.

The issue has to do with how Facebook stores its login token. Reportedly, the data it saves after you enter your password includes plaintext strings that can later be used to access your account. Not only does the Facebook app itself store this token, but other apps that you’ve granted permission to link with your Facebook account also store these tokens in their own directories.

Of course, to take advantage of this vulnerability, a hacker first needs to get one of those tokens off your phone. While that’s not exactly trivial, there are any number of ways a determined individual could copy that data, even if it requires physical access to the phone.

Facebook is reportedly aware of the situation, and presumably working on a fix. Possible solutions include generating login tokens that are only valid on one given device.
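To make the device-bound token idea concrete, here is an added sketch (not Facebook's code or fix) in which the server accepts a token only alongside a fresh proof made with a key held by the device that logged in. The function names are hypothetical, and a symmetric HMAC key stands in for what would normally be a key kept in the platform keystore.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed server signing key
DEVICE_KEYS = {}                      # server side: key fingerprint -> device key
SEEN_NONCES = set()                   # server side: replay cache

def _mac(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def login(user_id: str, device_key: bytes) -> str:
    """Server: after the password check, register the device key and mint a token bound to it."""
    fp = hashlib.sha256(device_key).hexdigest()
    DEVICE_KEYS[fp] = device_key
    body = f"{user_id}.{fp}"
    return f"{body}.{_mac(SERVER_KEY, body)}"

def sign_request(token: str, nonce: str, device_key: bytes) -> str:
    """Client: prove possession of the device key, which is not stored beside the token."""
    return _mac(device_key, f"{token}|{nonce}")

def verify_request(token: str, nonce: str, proof: str) -> bool:
    """Server: accept only an authentic token plus a fresh proof from the bound device."""
    try:
        user_id, fp, tag = token.rsplit(".", 2)
    except ValueError:
        return False  # malformed token
    if not hmac.compare_digest(tag, _mac(SERVER_KEY, f"{user_id}.{fp}")):
        return False  # token was not issued by this server
    key = DEVICE_KEYS.get(fp)
    if key is None or nonce in SEEN_NONCES:
        return False  # unknown device, or a replayed request
    if not hmac.compare_digest(proof, _mac(key, f"{token}|{nonce}")):
        return False  # caller holds the token but not the device key
    SEEN_NONCES.add(nonce)
    return True
```

With this check in place, a token file copied out of an app's directory is rejected when presented from another device, because the proof cannot be produced without the key.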

Source: Gareth Wright

Via: Mobile Burn

About The Author
Stephen Schenck