Pinterest Stumbleupon Whatsapp
Ads by Google

A serious bug was discovered recently in the Facebook and Dropbox applications on iOS and Android that could cause users to have their private information stolen. A malicious individual could install a program on a public computer or charging station to grant access to the devices and pull private data from users of these apps.

The flaw with these applications is that they store your private data as plain text, without any encryption. If the data is accessed, it’s an open book for the individual to read and do with as they choose.

Facebook issued a statement claiming that this would be a problem only for devices with modified firmware, but that was quickly proven to be untrue. As it turns out, any device that is connected to a public machine could have data stolen, regardless of whether the firmware is modified or not. Most of the testing of this flaw has taken place on iOS devices, but many people are reporting that it is an issue on Android as well.

When connecting your device to a public computer or charging station, something to keep in mind is that this file can be stolen even if your device has a pass-code lock on it. Facebook is aware of the issue and should be working on a fix.

Dropbox also stated (according to a spokesperson for Dropbox):

Ads by Google

“Dropbox’s Android app is not impacted because it stores access tokens in a protected location. We are currently updating our iOS app to do the same.  We note that the attack in question requires a malicious actor to have physical access to a user’s device.  In a situation like that, a user is susceptible to all sorts of threats, so we strongly advise safeguarding devices.”

If you are a user of the Facebook or Dropbox apps, you do not need to worry. Simply refrain from connecting your devices to public machines until updates for the apps are released.

Source: TheNextWeb

  1. Sihle
    May 7, 2012 at 8:47 am

    NOOOOOO! WRONG! You've gone to power off the device, moron. It asks if you want to cutninoe or cancel . Wtf? That is not a security flaw, that's is a moron with no know how and little brains

  2. Terry
    April 9, 2012 at 6:16 am

    Security is the only reason for dropping the Dropbox. Thanks to SyncBlaze and its offering. SyncBlaze does the same thing as Dropbox with lots more additional features and also an on premise option. We not only have a great solution to manage our content but also have complete authority over our content. We manage the service and also offer it to our clients as well. Thinking Smart.

    • Vito
      May 10, 2012 at 3:09 am

      from: iPhone 5 Chinese Clone hits market! | Using Apple Tagged with: adaerly-out apple chinese chinese-clone clone

  3. Tim
    April 8, 2012 at 6:13 pm

    Ummm... Why would you connect an iOS device to a public computer? For anyone who uses an iOS device in a normal fashion, this is fearmongering.
    And of course it wouldn't matter if the device were passcode-locked, because connecting to iTunes opens up all of the storage. (Of course, you'd also get a message that your iDevice was about to be erased, but, hey...) But again, that's like saying "We've uncovered a security flaw: if you hand your laptop to a stranger and let them connect a flash drive, they can steal your stuff!" Duh. But as Ron White says, you can't fix stupid.

  4. Sandesh
    April 7, 2012 at 4:22 pm

    Excellent

  5. Suhel
    April 7, 2012 at 8:17 am

    will it affect my mobile if its in switched off mode?

  6. itmecuk
    April 7, 2012 at 8:08 am

    Not again, stopped using last pass for very same reason.

  7. itmecuk
    April 7, 2012 at 8:06 am

    Not again, stopped using Lastpass for very same reason

  8. Chris Hoffman
    April 7, 2012 at 6:06 am

    Yikes, yet more Dropbox security problems -- this is why I don't store anything important in Dropbox. Their security history just scares me. Bring on the Google Drive!

Leave a Reply

Your email address will not be published. Required fields are marked *