Skip to main content

Identity Theft Vulnerability Affects All iPhones, Not Just Jailbroken Ones

iPhone Facebook appsA report surfaced recently about a vulnerability in Facebook that allowed people to access someone else's account. The report initially stated that this vulnerability only affected people on a jailbroken iPhone, however, that doesn't seem to be the case anymore as two new reports are stating that it isn't only jailbroken phones that are at risk.

Gareth Wright, an app developer from the U.K., along with The Next Web have each confirmed, separately, that this new vulnerability affects any and all iPhones, not just jailbroken ones. In addition to that, it has been discovered that the vulnerability originated in Facebook's iPhone app.

Wright released his report earlier in the week and claimed that the iPhone Facebook app includes a vulnerability that fails to encrypt log-on credentials whenever you get on Facebook on your iPhone via the app. Wright also said that he also discovered a Facebook access token in the Draw Something game. Wright copied the token, used the Facebook Query Language and extracted the information.

According to Wright's report, "Sure enough, I could pull back pretty much any information from my Facebook account." Wright also mentioned that the property list of the app contained any and all information needed to allow someone other than you to access your Facebook account, send private messages and do anything else imaginable.

However, Facebook is sticking by their claim that the vulnerability only affects jailbroken phones. In a statement from the social media giant, the company said, "Facebook's iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device."

That may have been believable had The Next Web not released their very own report separate from Wright's. The Next Web confirmed themselves that the vulnerability also affects non-jailbroken phones. However, The Next Web also found that Dropbox also suffers from the same vulnerability, leaving the application open to a property list hack.

According to The Next Web, "We copied the .plist from one device, with the app installed and logged in, over to another which had a fresh installation of Dropbox on it. The profile copied and it worked seamlessly, as if we had logged on ourselves, which we had not." The Next Web also added that the Dropbox vulnerability works on phones that are passcode protected.

Facebook keeps saying that the vulnerability is only on jailbroken phones, though with the reports from Wright and The Next Web, I don't know how much longer the social media company can keep that story going.

Source: CNET - facebook ID theft impacts all iPhones, Dropbox
Power Point Projectors
Most business class projectors will do a good job displaying your PowerPoint presentation. If you have a small presentation group, a 2000 lumen LCD projector will be able to produce a nice and clear picture. For larger audiences you should consider a 5000 lumen LCD projector.

Comments

Popular posts from this blog

Windows 10 Spying Concerns: Are They Still Viable?

When Windows 10 first launched many users quick to flock to the new operating system as they were in a hurry to get away from Windows 8. However, a lot of those users became unsure of Windows 10 when reports started coming in that the operating system was practically spying on everything you did. Some of the reports were completely false while others held some truth but were completely blown out of proportion. With the operating system now available for over 8 months, it's time to take a look at all the concerns people had and whether or not those worries are still relevant today. Read more about this topic on the ComputerServiceNow Blog !

Toshiba Introduces Tiny Enterprise Hard Drives

Toshiba's Storage Products Business Unit has just announced a high-capacity 2.5" high-performance enterprise-class drive. Known as the Toshiba MK01GRRB/R series, this drive supports the exacting requirements for compute-intensive environments witha 15,000 RPM spin speed, a 6Gb/s SAS interface and a maximum capacity of 300GB1. In addition to that, this drive also offers drive-based encryption in order to help companies manage data security. According to Vice President of Marketing at Toshiba's Storage Products Business Unit Joel Hagberg, "Enterprise customers are increasingly satisfying their performance and capacity needs with power efficient small form factor drives. Enterprise drives with the latest self-encryption features are helping data centers to more cost-effectively achieve compliance with information security mandates. Toshiba small form factor enterprise drives deliver the performance, capacity and security features IT administrators require for today's...

Reader Q&A with Dr. Psych Mom: When Should You Have #2?

Kristen, a reader from (yet again, coincidentally) suburban Maryland, writes: Dr. Rodman, When did you plan on having your second?  My husband and I want more kids but are unsure a bit still and don't want to wait too long.  When did you start trying after Natalia?   Kristen Well, Kristen, first of all, that's a pretty personal question. Do you also want to know what position we used?  Nosy nosy.  Just kidding there.  Don't stop following my blog.  Anyway, when I went to Natalia's 9 month checkup, I was very proud of myself and told the pediatrician that I was still nursing her something like 6 times a day and pumping a bizarre amount of milk (I would get 12 oz pumped milk after her morning feed.)  The pediatrician was not impressed and said something to the effect of, feed her more food and nurse her less because she wasn't a newborn baby anymore.   We actually used these letter books, like, all the time. #Firstbaby So then, upon hearing so...