A security researcher named Gareth Wright has uncovered an unpleasant security hole in the Android and iOS Facebook apps, reports The Next Web. A motivated hacker could copy a plain text file off of your mobile device that would grant him access to your entire account.
The problem exists within the app itself — the sensitive data isn’t encrypted; it simply sits on your device in plain, readable form.
There’s no jailbreak required to get this data either. Using a free piece of software called iExplorer, which lets you browse your iPhone as if it were an external hard drive, Wright was able to gain access to the text file.
The trouble runs a level deeper, as The Next Web also discovered that Dropbox suffers from this same vulnerability.
Now that this news is out there, keep a close eye on who has your device and be on the lookout for app updates from Facebook and Dropbox.
We just got word from Dropbox saying the company’s Android app is not affected by this issue. A fix is already in the works for the iPhone version:
Dropbox’s Android app is not impacted because it stores access tokens in a protected location. We are currently updating our iOS app to do the same. We note that the attack in question requires a malicious actor to have physical access to a user’s device. In a situation like that, a user is susceptible to all sorts of threats, so we strongly advise safeguarding devices.