Security of the mobile apps has increasingly become critical since a hacker with malicious intents can use an app data to wreck a lot of havoc on a user. Now, it has been revealed by a mobile developer, Gareth Wright, that the iOS app of both Facebook and Dropbox store data in an insecure way so that a hacker can get hold of it and use it on his own.
According to Gareth, the Facebook plist file or property list file that contains the personal details of a user, is not stored securely. In fact, the expiry limit for a Facebook plist file is 2,000 years. Now, if a hacker is able to access a user’s mobile or somehow intercept it and is able to access the plist file, he can then log into the Facebook app using the details of the user. This problem is currently only in the iOS version of Facebook app.
Similarly, Dropbox iOS app is one of the most widely used iOS apps. The same security loophole has been found in it. All a hacker needs to do is access the file that contains login credentials. Dropbox, like Facebook, doesn’t encrypt them and as a result, a malicious app or a hacker can access the file and use these credentials to log into the app with the user’s details.
However, what makes it a not-too-grave security problem is that a potential hacker will first have to access the device physically and get the login-credentials file. Only then can he compromise the security of the user. This is pretty much what was Dropbox’s official response when the issue was discovered, ‘“Dropbox’s Android app is not impacted because it stores access tokens in a protected location. We are currently updating our iOS app to do the same. We note that the attack in question requires a malicious actor to have physical access to a user’s device. In a situation like that, a user is susceptible to all sorts of threats, so we strongly advise safeguarding devices.’
Image courtesy Kinologik.