A security flaw was found in the Facebook app for iOS and Android. It appears that Facebook’s iOS and Android clients don’t encrypt users’ logon credentials, leaving them in a folder that is accessible to other apps or over a USB connection.
According to a media report, a rogue application, or two minutes with a USB connection, are all that’s needed to lift the temporary credentials from either device. In the case of iOS, one can even lift the data from a backup, enabling the hacker to attach to a Facebook account and access Facebook applications for fun and profit.
The security hole was discovered by Gareth Wright, a UK-based developer of apps for iOS and Android devices.
The good news, however, is that Facebook is aware of this vulnerability and is already working on a fix. Facebook said that the vulnerability affects jailbroken devices only, but TheNextWeb claims otherwise. The technology site also discovered the same flaw in the popular file-syncing app Dropbox.
At the moment, it is unknown how long Facebook will take to release a fix or what customers should do in the meantime.
[Source] – The Register