A new security vulnerability in the Facebook application for Android and iOS allows an attacker to steal your Facebook identity.
Gareth Wright, a UK-based app developer for Android and iOS, has identified a security vulnerability in the Facebook mobile application. The problem is that the Facebook app doesn't encrypt your login credentials, leaving them accessible to malicious apps or over USB connections.
He explained the hack in this blog post.
Facebook responded to the discovery of this vulnerability by issuing the following statement:
"Facebook’s iOS and Android applications are only intended for use with the manufacturer provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device."
"We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device."
This statement appears to indicate that only jailbroken devices are affected. The Next Web (TNW) says that is untrue: "Your Facebook app on iOS is absolutely vulnerable because using a tool like iExplore, which is what Wright used to perform his white label hack, does not require a jailbreak."
Researchers also discovered that the popular file-syncing app Dropbox exhibits the same vulnerability.