Denials don't fix Facebook security flaw on iOS, Android

Unencrypted, 'temporary' user credentials available to simple malware until year 4001


Technology geeks tend to be better at logic and math than most other species of geek, so it's odd this hasn't come out before, as a theory based on mathematical projections, if nothing else.

See if it adds up for you:

    IT Syllogism Puzzle of the Day:
  • If: Facebook is famously insecure and exploitive in the way it uses the personal information of customers;
  • And: Smartphones running Android (and, to a lesser extent, iOS) are famously insecure in the way they store personal data, transmit it and allow apps permission to read, write or invent it;
  • Then: Facebook apps running on Android and iOS smartphones ______________?
  • If your answer was "Facebook on Android and iOS smartphones are even more insecure," you win. Take the weekend off.
  • Extra points if you added expletives for emphasis. Level up if your answer was: "Therefore, Socrates is a cat."

Today's sadly obvious (in retrospect) revelation about smartphone insecurity is that the Facebook apps running on Android and iOS do not encrypt user login credentials either while they're stored on the phone or while they're being broadcast across Wi-Fi or cell networks as their users log in, according to a British developer who builds apps on both iOS and Android.

When users log in using the Facebook app for iOS or Android, the app creates a set of "temporary" credentials it stores in an unencrypted, unsecured property list (.plist) file accessible to anyone with physical access to the device or any apps running on it, according to designer and developer Gareth Wright, who discovered the flaw and blogged about it April 3.

Some iOS games do the same thing, but use iOS security to keep data on high scores from being released and only store user data for 60 days, according to The Register.

Facebook is more liberal; it defines "temporary" as lasting until the year 4001.
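
For developers who want to check their own app's preference files for the two problems described above (secret-like values stored as plain strings, and expiry dates far in the future), here is an added example that is not from Wright's post or from Facebook's code. The key names, the sample plist and the audit date are constructed, and the 60-day limit is borrowed from the figure quoted above as an assumed policy threshold.

```python
import plistlib
from datetime import datetime, timedelta

# Constructed sample: key names and values are hypothetical, not from any real app.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>ExampleAccessToken</key><string>CONSTRUCTED-TOKEN-VALUE</string>
  <key>ExampleExpirationDate</key><date>4001-01-01T00:00:00Z</date>
  <key>HighScore</key><integer>1200</integer>
  <key>Session</key>
  <dict>
    <key>secret</key><string>CONSTRUCTED-SECRET</string>
    <key>expires</key><date>2012-06-02T00:00:00Z</date>
  </dict>
</dict>
</plist>"""

# Substrings that suggest a key holds a credential (assumed heuristic).
SECRET_HINTS = ("token", "secret", "password", "session", "credential")
MAX_LIFETIME = timedelta(days=60)  # assumed policy: the 60-day figure quoted above

def audit_plist(data, now):
    """Return (path, issue) findings for a plist supplied as bytes."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")
        elif isinstance(node, str):
            # A readable string under a credential-like key is stored in the clear.
            if any(hint in path.lower() for hint in SECRET_HINTS):
                findings.append((path, "plaintext secret-like value"))
        elif isinstance(node, datetime):
            # Flag any date further ahead than the allowed credential lifetime.
            if node - now > MAX_LIFETIME:
                findings.append((path, f"expiry {node.year} exceeds {MAX_LIFETIME.days} days"))

    walk(plistlib.loads(data), "")
    return findings

if __name__ == "__main__":
    for path, issue in audit_plist(SAMPLE_PLIST, datetime(2012, 4, 3)):  # constructed audit date
        print(f"{path}: {issue}")
```

Values that fail this check belong in the platform's protected credential store (the Keychain on iOS) with a short server-enforced lifetime, not in a preference file.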
