+ Reply
Results 1 to 11 of 11

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Facebook and Dropbox Security Issue Found - Easy Info Theft

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
A recent security issue found by Gareth Wright with the official Facebook application was found allowing a malicious user to grab personal information from .plist files such as user login
...
  1. #1
    MMi Staff Writer Anthony Bouchard's Avatar
    Join Date
    Sep 2011
    Location
    Florida
    Posts
    6,543
    Thanks
    190
    Thanked 936 Times in 688 Posts

    Default Facebook and Dropbox Security Issue Found - Easy Info Theft


    A recent security issue found by Gareth Wright with the official Facebook application was found allowing a malicious user to grab personal information from .plist files such as user login information. The device could be passcode-locked and be unmodified (non-jailbroken) to gain access to this information and the information could be very easily obtained – emphasizing the point you don't have to be jailbroken to be affected. The problem was not only affecting iOS devices, but also reportedly affected Android devices with the Facebook application installed.

    The same issue exists in the official Dropbox application, as information is stored as plain text and is not encrypted in any way whatsoever. This would give the hacker an opportunity to log into your Dropbox account and snoop through all of your files, edit them, or worse – delete them.

    The good news is, the security problem may have been blown out of proportion – as it would be more difficult than it seems to obtain this personal information. While the security flaw still exists, the biggest opportunity a malicious user could have the potential of stealing your information is with about two minutes of physical access to your iOS device – meaning that they were holding it in their hand, which is why stolen iOS devices have the greatest risk. On the other hand, the only practical way a hacker could remotely extract the data from your iOS device is by having some kind of information-slurping malware installed on your personal computer that you use to sync your iOS device to iTunes.

    Dropbox is currently in the process of updating their iOS application to make it more secure in terms of the way the application handles your personal information. This will make it much more difficult for a malicious hacker to obtain your personal information and put the application’s security on par with other iOS applications. They also tell us the Android version of the Dropbox application is not affected by this issue.

    Our best advice to you for keeping your personal information safe?
    • Keep all applications up to date – this helps ensure the best security
    • Keep an eye on your iOS device – if the wrong person gets their hands on it, this could spell 'trouble'
    • Always keep your computer's anti-virus software up to date – this will help you avoid information-slurping malware

    Sources: AppleInsider
    Last edited by Anthony Bouchard; 04-06-2012 at 01:09 PM.

  2. #2
    Green Apple
    Join Date
    Sep 2007
    Posts
    44
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Wish Wright would work on a 5.1 untether jailbreak instead..

  3. #3
    H4CK3R's Avatar
    Join Date
    Jan 2012
    Location
    java.lang.IllegalStateException: Location unknown.
    Posts
    5,812
    Thanks
    62
    Thanked 261 Times in 250 Posts

    Be patient. It's not their fault you updated to 5.1, there have been a ton of warnings out there and people still update, It's common sense. They are trying their best with 5.1 but don't expect it to come anytime soon. Doing that stuff is very time consuming and they have no guaranteed pay.

  4. #4
    iPhone? More like MyPhone xerray's Avatar
    Join Date
    Nov 2009
    Location
    U.S.A.
    Posts
    206
    Thanks
    31
    Thanked 28 Times in 19 Posts

    where is this ".plist" file located exactly...
    It Takes One To Know One

  5. #5
    My iPhone is a Part of Me wolverinemarky's Avatar
    Join Date
    Feb 2009
    Posts
    686
    Thanks
    19
    Thanked 34 Times in 33 Posts

    u know what upsets me about this is why cant they just encrypt all the information so we dont have these issues. R these developers just being lazy or is it harder then it sounds. I know encryption can be hacked also but why not just do it from the get go so you dont have all these security holes in your apps before hand.

  6. #6
    Green Apple
    Join Date
    Feb 2011
    Posts
    32
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Quote Originally Posted by wolverinemarky View Post
    u know what upsets me about this is why cant they just encrypt all the information so we dont have these issues. R these developers just being lazy or is it harder then it sounds. I know encryption can be hacked also but why not just do it from the get go so you dont have all these security holes in your apps before hand.


    Because if there's is a minimal system wide encryption it will slow the device down and then if one person cracks it it becomes useless, the developers have to develop their own so it's harder for all apps to be cracked

  7. #7
    iPhoneaholic jose060789's Avatar
    Join Date
    Nov 2009
    Posts
    361
    Thanks
    21
    Thanked 40 Times in 29 Posts

    Quote Originally Posted by X H4CK3R X View Post
    Be patient. It's not their fault you updated to 5.1, there have been a ton of warnings out there and people still update, It's common sense. They are trying their best with 5.1 but don't expect it to come anytime soon. Doing that stuff is very time consuming and they have no guaranteed pay.
    Uh? What about the people with the new iPads?
    Sent from my iPhone 4.

  8. #8
    iPhone? More like MyPhone Beastly L92's Avatar
    Join Date
    Oct 2011
    Location
    New Braunfels, Texas
    Posts
    151
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Quote Originally Posted by jose060789 View Post
    Uh? What about the people with the new iPads?
    Uh? They get to wait a couple of months. Kinda like they do EVERY. SINGLE. TIME. a new iOS device is released. That's what.

  9. #9
    Green Apple
    Join Date
    Sep 2007
    Posts
    44
    Thanks
    2
    Thanked 2 Times in 2 Posts

    it is their fault..It was shipped with 5.1

    Quote Originally Posted by X H4CK3R X View Post
    Be patient. It's not their fault you updated to 5.1, there have been a ton of warnings out there and people still update, It's common sense. They are trying their best with 5.1 but don't expect it to come anytime soon. Doing that stuff is very time consuming and they have no guaranteed pay.
    it is their fault..It was shipped with 5.1
    No Sig Spam

  10. #10
    *T*
    *T* is offline
    Grumpy *T*'s Avatar
    Join Date
    Nov 2011
    Location
    Turn around slowly...
    Posts
    670
    Thanks
    122
    Thanked 48 Times in 39 Posts

    Information-slurping malware!

  11. #11
    iPhone? More like MyPhone
    Join Date
    Jan 2008
    Location
    New Jersey, USA
    Posts
    272
    Thanks
    3
    Thanked 25 Times in 21 Posts

    Quote Originally Posted by hudss View Post
    it is their fault..It was shipped with 5.1



    it is their fault..It was shipped with 5.1
    is it the jailbreaking devs fault that they purchased it?

    jailbreaking = FREE!!!

    and people still find a reason to complain. and I am sure I will get some more comments after this. probably like 'I know its free but "cry cry cry blah blah blah me me me me me"

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts