javascript contador Saltar al contenido

Security hole in Facebook mobile apps?

Security hole in Facebook mobile apps?

Did the Facebook mobile application for iOS and Android really have a security hole or are they jailbroken or rooted terminals that make the systems vulnerable? You will see, since this is a case where things can be one way or another depending on the prism with which you look, and it comes in relation to what could be a security hole in the mobile application of Facebook for iOS and Android.

Initially, the Facebook mobile application was accused of having a security hole in which hackers had some forms of access to mobile terminals, where they could read Facebook’s .plist files, where the access token is contained. of the application, the complete and secret OAuth key, according to the developer Gareth Wright. This could motivate hackers to access and impersonate the legitimate owner, even being able to access third-party services where access with the Facebook identity is needed.

But the case is that there were experts who did not consider the arguments to be inaccurate or misleading, given that Wright discovered this supposed security hole by having his device jailbroken, so that access to the .plist file will be done only by the application itself unless the terminal has jailbroken or rooted in the case of Android terminals, as well as if you have physical access to flash memory, something very unlikely.

This situation has been discussed in TechCrunch, where the statements of the social network Facebook itself are also echoed, which is more in line with what the experts indicate. It also recommends that in cases of theft, remote erase applications be used, recommending Find My Phone for iOS or Exchange for Android terminals.

Goes: Techcrunch