Flaw in Facebook App Allows Account Hijacking

by Nelson T
In an article found in PC magazine online. They say that there is a flaw in the iPhone Facebook app that can potentially allow a hacker or mischievous individual access to ones Facebook account. They find that the credentials to such accounts are stored in the plist or program list file within the app in regular text. Security researcher Gareth Wright found the flaw and was notified Facebook of this issue. They are working on a fix but they say that this security flaw is most apparent on a “jail-broken” device. Facebook developers responded by saying that the security of the application is compromised when the user modifies the OS and could potentially allow malicious attacks and software cause information theft and damage. Gareth Wright also says that the Facebook app is also used in different apps as a means of authenticating user information from their Facebook account. He also talks how someone who can create malicious software to extract data whenever such devices are plugged in and allow for such viruses to steal information from the handset. So he says to be careful when plugging in your device to any shared/public computer and public docking and charging stations.

I feel that now that everything we do in cyberspace we have to have various accounts keeping our information for authentication. As with social media, everyone i believe shares a lot of data and information about themselves over cyberspace and with smartphones on the rise a lot of people are using social apps or other apps that contain their information as well. Having security flaws like the one found on the Facebook app keeps me uneasy. knowing that there is a flaw that could allow someone to take my account information and use it for wrong. Some social apps that I have seen use Facebook account authentication and use my account to make another account and use their services using my Facebook account information. knowing that the flaw can extend to other accounts that I makes me think twice about what I’m logging into and where I physically connect my device up to. I hope the developers at Facebook fix this issue soon.

 

Source:

Hachman, M. (2012, April 05). Facebook app flaw makes hijacking your account a snap. Retrieved from http://www.pcmag.com/article2/0,2817,2402653,00.asp

4 thoughts on “Flaw in Facebook App Allows Account Hijacking

  • May 6, 2012 at 10:23 am
    Permalink

    I understand your frustration. I feel that Facebook should take greater precautions to keep their user’s data secure. Facebook should take responsibility for their mistake, it is wrong to point the fingers on the individual users just because they are using a “Jail-broken” device. I think if they use this as an excuse then they should provide a disclaimer that states their application’s security vulnerabilities for “jail-broken” devices. But the right thing to do in my opinion is to have Facebook developers stop whining and fix this critical security issue. I am glad I am using an Android phone, but then again who knows, maybe the android Facebook app has the same issue that has not been revealed yet.

  • May 6, 2012 at 12:34 pm
    Permalink

    The idea that someone can gain so much of your information because you played a simple game like “Words with Friends” is disheartening and scary. Facebook is becoming a giant in the social industry and I think they need to place more reinforcement on the security front of their company. In a system where so much information is available, one would think protection of data would be their main objective. This seems to be a problem more on Facebook itself rather than jail broken devices. Facebook needs to fix this issue before everyone is too scared to trust the company with their information.

  • May 6, 2012 at 7:31 pm
    Permalink

    Facebook should definitely own up to this flaw and fast. They need to put some test procedures in place for all their upgrades to test every scenerio, so these vulnerabilities don’t effect their clients.

  • May 6, 2012 at 11:33 pm
    Permalink

    I agree with CyberChic. Facebook being the social giant they are need to take in full effect of what has happened. Losing your personal information is one of the worst things that can happen and Facebook maybe needs to expand their network security so people may trust them again one day.

Comments are closed.