Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
iPhone Newsforums, a part of the
A recent security issue found by Gareth Wright with the official Facebook application was found allowing a malicious user to grab personal information from .plist files such as user login...
04-06-2012, 01:04 PM #1
Facebook and Dropbox Security Issue Found - Easy Info Theft
A recent security issue found by Gareth Wright with the official Facebook application was found allowing a malicious user to grab personal information from .plist files such as user login information. The device could be passcode-locked and be unmodified (non-jailbroken) to gain access to this information and the information could be very easily obtained – emphasizing the point you don't have to be jailbroken to be affected. The problem was not only affecting iOS devices, but also reportedly affected Android devices with the Facebook application installed.
The same issue exists in the official Dropbox application, as information is stored as plain text and is not encrypted in any way whatsoever. This would give the hacker an opportunity to log into your Dropbox account and snoop through all of your files, edit them, or worse – delete them.
The good news is, the security problem may have been blown out of proportion – as it would be more difficult than it seems to obtain this personal information. While the security flaw still exists, the biggest opportunity a malicious user could have the potential of stealing your information is with about two minutes of physical access to your iOS device – meaning that they were holding it in their hand, which is why stolen iOS devices have the greatest risk. On the other hand, the only practical way a hacker could remotely extract the data from your iOS device is by having some kind of information-slurping malware installed on your personal computer that you use to sync your iOS device to iTunes.
Dropbox is currently in the process of updating their iOS application to make it more secure in terms of the way the application handles your personal information. This will make it much more difficult for a malicious hacker to obtain your personal information and put the application’s security on par with other iOS applications. They also tell us the Android version of the Dropbox application is not affected by this issue.
Our best advice to you for keeping your personal information safe?
- Keep all applications up to date – this helps ensure the best security
- Keep an eye on your iOS device – if the wrong person gets their hands on it, this could spell 'trouble'
- Always keep your computer's anti-virus software up to date – this will help you avoid information-slurping malware
Last edited by Anthony Bouchard; 04-06-2012 at 02:09 PM.
04-06-2012, 01:32 PM #2
Wish Wright would work on a 5.1 untether jailbreak instead..
04-06-2012, 01:40 PM #3
Be patient. It's not their fault you updated to 5.1, there have been a ton of warnings out there and people still update, It's common sense. They are trying their best with 5.1 but don't expect it to come anytime soon. Doing that stuff is very time consuming and they have no guaranteed pay.
04-06-2012, 01:47 PM #4
where is this ".plist" file located exactly...It Takes One To Know One
04-06-2012, 02:08 PM #5
u know what upsets me about this is why cant they just encrypt all the information so we dont have these issues. R these developers just being lazy or is it harder then it sounds. I know encryption can be hacked also but why not just do it from the get go so you dont have all these security holes in your apps before hand.
04-06-2012, 02:25 PM #6
04-06-2012, 02:42 PM #7
04-06-2012, 05:36 PM #8
04-06-2012, 05:46 PM #9
04-07-2012, 03:51 PM #10
04-09-2012, 11:14 AM #11