Security flaw is more mobile than before, as well as identity theft and other data from Facebook profiles.
Facebook is said that this security hole, only victim of the operating system has been changed or jailbroken. This assertion is incorrect, because the vulnerability of all Android and Apple gizmos.
Security hole was discovered by a security expert Gareth Wright,who IExplorer, free program that allows users to find the file on their iPhones or iPads storage devices as if they were.
He discovered in the text as a sign of Facebook - encapsulation, a user's identity and personal information - in Omgpop Draw All mobile games.
 |
| The Drop Box |
After copying and testing of the access token of the query language, he was able to get access to "all information" in his Facebook account.
Facebook app to access the folder and access it with IExplorercom.Facebook.plist file, find its credentials in clear text. Wright sent a plist file to a local blogger, he is with friends, and bloggers can access their Facebook account and carry out activities, such as the taste of the wall pages, send personal messages, and send pictures to add apps to run anything.
Plist file, Wright installed four units, and the result was the same, so he contacted Facebook, which initially responded to this problem have been reported, and it works.
He tested multiple devices plist problem, which, as a rule, will be used to illegally collect user information, and Wright was able to collect more than a week in 1000 plist file (it does not copy any data).
Facebook issued a long statement, the accused persons, who have jailbroken or modified security hole:
IOS and Android applications for the Facebook-provided only by the manufacturer, operating system, and access tokens are only vulnerable if they have changed the mobile OS (ie jailbroken IOS or modded Android), or the condition, the actor threatened with physical access to the device.
We develop and test our applications with the same version of the mobile operating system and native of Hope, a foundation for development, implementation and compromised the safety of all on jailbroken devices. As Apple says, "IOS could allow hackers to steal personal information from unauthorized modification ... or a malware or a virus."
To protect themselves, we recommend that all users refrain from changing the use of mobile OS in order to avoid instability and security problems.
End of story? A. Wright and the Web as a duplicate of a security hole on devices that have been jailbroken or modified.
Wright published:
I feel I must repeat Facebook plays it, and it was fine, but says that only jailbroken phones are stolen or not.
The greatest risk of malware and viruses are designed to slurp data from devices connected to PCs, so that no matter what other articles say, jailbroken or not, that you are vulnerable.
When testing, it worked for closed pass - coded native IOS devices.
The Web has also shared her experience:
As a matter of fact, we are here to copy Facebook hack TNW Labs(using their own equipment) and it works very well without the jailbreak.
If you carefully read the Facebook application, but it does not cover the bases when he says that you are vulnerable if you have it quite right, "the actor threatened with physical access to the device." - The unit will be required to physically access one way or another, but that does not mean that it should be stolen or that someone was not for him.
