Security Hole Discovered in Facebook And Dropbox iOS Apps
^_^
Security researcher Gareth Wright discovered that many iOS and Android applications store Facebook access tokens, a sequence of characters that gives access to an account, in a plain text file. This file can then be used by anyone to retrieve information from an account, and in the worst case spoof your Facebook identity.
Gareth writes:
Comments
-
If your iDevice has an SSH server on the default port with the default password ("alpine"), Facebook should be the least of your concerns. Anyone on the same wifi as you can enjoy full administrator access to your phone, and help themselves to all your personal data (theoretically even data in the keyvault), and trojan any binary on your system that they feel like. They can install a keylogger to capture any password you use on the device. They can use your device to penetrate any VPN or private wifi you have access to. There have been worms in the wild that spread between jailbroken iPhones with the alpine password. If you don't know what your ssh password is, or don't know what ssh is, open Cydia *now*. Manage-->Packages-->OpenSSH. If it's there, and you don't know the password isn't the default, uninstall it.
-
Well said. alpine is always the default password. It should be changed or SSH should be removed with the swiftness.
-
What if it's not there? And how can I make sure there isn't anything on my iOS now accessing my passwords? This **** ain't cool I do everything on my iOS....
-
I'm sooooooo abusing this.
-
LOL, someone keeps checking the code all the time, really epic.
-
What a load of what ifs
-
What a load of what ifs mate
-
"... there isn’t any evidence (yet) of such a method being used to gain unauthorized access..." YEAH, UNTIL SOME FOOL PUBLISHED THIS ARTICLE!!