Skip to main content

Identity Theft Vulnerability Affects All iPhones, Not Just Jailbroken Ones

iPhone Facebook appsA report surfaced recently about a vulnerability in Facebook that allowed people to access someone else's account. The report initially stated that this vulnerability only affected people on a jailbroken iPhone, however, that doesn't seem to be the case anymore as two new reports are stating that it isn't only jailbroken phones that are at risk.

Gareth Wright, an app developer from the U.K., along with The Next Web have each confirmed, separately, that this new vulnerability affects any and all iPhones, not just jailbroken ones. In addition to that, it has been discovered that the vulnerability originated in Facebook's iPhone app.

Wright released his report earlier in the week and claimed that the iPhone Facebook app includes a vulnerability that fails to encrypt log-on credentials whenever you get on Facebook on your iPhone via the app. Wright also said that he also discovered a Facebook access token in the Draw Something game. Wright copied the token, used the Facebook Query Language and extracted the information.

According to Wright's report, "Sure enough, I could pull back pretty much any information from my Facebook account." Wright also mentioned that the property list of the app contained any and all information needed to allow someone other than you to access your Facebook account, send private messages and do anything else imaginable.

However, Facebook is sticking by their claim that the vulnerability only affects jailbroken phones. In a statement from the social media giant, the company said, "Facebook's iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device."

That may have been believable had The Next Web not released their very own report separate from Wright's. The Next Web confirmed themselves that the vulnerability also affects non-jailbroken phones. However, The Next Web also found that Dropbox also suffers from the same vulnerability, leaving the application open to a property list hack.

According to The Next Web, "We copied the .plist from one device, with the app installed and logged in, over to another which had a fresh installation of Dropbox on it. The profile copied and it worked seamlessly, as if we had logged on ourselves, which we had not." The Next Web also added that the Dropbox vulnerability works on phones that are passcode protected.

Facebook keeps saying that the vulnerability is only on jailbroken phones, though with the reports from Wright and The Next Web, I don't know how much longer the social media company can keep that story going.

Source: CNET - facebook ID theft impacts all iPhones, Dropbox
Power Point Projectors
Most business class projectors will do a good job displaying your PowerPoint presentation. If you have a small presentation group, a 2000 lumen LCD projector will be able to produce a nice and clear picture. For larger audiences you should consider a 5000 lumen LCD projector.
Labels:

Comments

Post a Comment

Popular posts from this blog

Airbag Recall! Don't Risk Your Safety!

Certain vehicles, equipped with Takata Airbags are currently being recalled nationwide. Customers are being urged to go to the NHTSA website; https://vinrcl.safercar.gov/vin/ and enter the vehicles Vehicle Identification Number (VIN) to see if their vehicle is included in this recall.  VIN numbers can also be checked through the OTS website; http://www.ots.ca.gov .  If the vehicle is included, they are to immediately contact their nearest dealer and schedule an appointment to have the vehicle repaired for free. In particular, if you own a 2001-2003 Honda or Acura vehicle, you are asked to immediately take your vehicle to an authorized dealer for inspection. Even if you don't own this type of vehicle, please  visit the SaferCar.gov website and check your vehicle VIN. It will identify other recalls as well.
Post a Comment
Read more

How to Make Money on Fiverr (How I Make $4000 a Month)

Fiverr pays if you for hobbies you play with   Drawing ,   Designing,  Graphics, Art, SEO, Article, music and audio, digital marketing, fun and live-style,  How i make up to  4000 dollar ( 1261000 naira   )  I joined Fiverr  https://michaeltrendz.blogspot.com.ng/  on September 2015 and have generated over 6 million naira from it. Prior to joining, I used to get angry with my friend who was a freelancer on Fiverr.   We were running an offline joint-venture business back then. Every minute he could steal from time, he will quickly log in to Fiverr to do what I didn’t know. Back then, I always saw Fiverr as a $5 marketplace and I couldn’t imagine how he would always dedicate more time to his Fiverr account instead of our offline business which was making us good money…..(so I thought). I didn’t miss any opportunity to make joke of him for slaving away on Fiverr and he wasn’t deterred at all by it……possibly he’d be laughing at me in his mind. It was not until my fiancé finished school and
Post a Comment
Read more

NPOWER BUILD TRAINING FOR THE NPOWER PROGRAME COMMENCES

Good morning, N-Power Build trainees, are you ready for an exciting time? Training for #NPowerBuild commences March 1st, 2018! Are you ready N-Power Build trainees? #NPowerNG #NPowerBuild #NPowerNG
Post a Comment
Read more