Gareth Wright recently found a security issue in the official Facebook application that allows a malicious user to grab personal information, such as user login information, from .plist files. The information could be obtained very easily, even from a device that is passcode-locked and unmodified (non-jailbroken), which emphasizes that you don't have to be jailbroken to be affected. The problem did not only affect iOS devices; it also reportedly affected Android devices with the Facebook application installed.
The same issue exists in the official Dropbox application, as information is stored as plain text and is not encrypted in any way whatsoever. This would give the hacker an opportunity to log into your Dropbox account and snoop through all of your files, edit them, or worse – delete them.
The good news is that the security problem may have been blown out of proportion, as it would be more difficult than it seems to obtain this personal information. While the security flaw still exists, a malicious user's best opportunity to steal your information comes with about two minutes of physical access to your iOS device, meaning that they are holding it in their hand, which is why stolen iOS devices are at the greatest risk. On the other hand, the only practical way a hacker could remotely extract the data from your iOS device is by having some kind of information-slurping malware installed on the personal computer that you use to sync your iOS device with iTunes.
Dropbox is currently in the process of updating their iOS application to make it more secure in terms of the way the application handles your personal information. This will make it much more difficult for a malicious hacker to obtain your personal information and put the application’s security on par with other iOS applications. They also tell us the Android version of the Dropbox application is not affected by this issue.
Our best advice to you for keeping your personal information safe?
- Keep all applications up to date – this helps ensure the best security
- Keep an eye on your iOS device – if the wrong person gets their hands on it, this could spell 'trouble'
- Always keep your computer's anti-virus software up to date – this will help you avoid information-slurping malware