Facebook Security Issue on Jailbroken iOS Devices

It was revealed today that there is a security issue with the Facebook apps for iOS and Android, where any knowing wrong-doers could steal your Facebook log in credentials, through some type of hole in the security. Apparently, the information is not encrypted properly, when being entered, and if you know what you’re doing, you can easily steal this info via USB, or through a downloaded app.

Facebook has come forward to comment on the issue and they have said this issue is only present in “compromised” devices.

“Facebook’s iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device. We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.”

Representatives for Facebook previously said they were looking into the issue, but now it seems they are saying “it’s not our fault”. Since the above statement was released, they have said they are looking at ways to fix this on all devices. Accessing you info via USB can’t be fixed, but they are looking at ways to stop malicious apps from stealing your info. We have seen in the past that some jailbreak developers often release their own patches for these vulnerabilities, so keep checking Cydia for a fix. 😉

[via ZDNet]

  • Ari

    Simple solution, don’t jailbreak. Do any of you realize what “jailbreak” means? Before a jailbreak, each application is running in a secure sandbox called a BSD jail and when you “jailbreak”, you are breaking that security mechanism and essentially allowing the lunatics to run free.

  • Neener

    @Ari. Uhh not really how it works but anyways…Im going to jailbreak. I like my phone to be MINE thank you.
    Thats alot to steal someones password just for facebook. and what it the worst that can happen? They update you status? Oh no..

  • Greed

     most people use the same password on multiple accounts

    and if your not worried, why don’t you just post your password here Neener?

  • Vikram Kalsi

     I feel like my iPhone is “MINE” without a jailbreak. I hate when people use the “I freed myself from the clutches of Apple” notion. All you did was allowed the ability for getting different types of apps and functionality because you wanted them. If apple is evil why buy their products?

  • Ari

    Uh, yeah that is exactly how it works. I had previously jailbroken my devices but I no longer do so. I used to install my own icon themes back in the day with SFTP. Everything was browsable from my computer or even from a file manager on my jailbroken device. RFA above. When a device is jailbroken, other applications can access files in other app storage locations which is not possible on a native installation of iOS.

  • acer1234

    We should all stop being so paranoid.  

  • BassErik

    my neighbor’s step-sister brought home $20864 a week ago. she has been making cash on the internet and bought a $519900 home. All she did was get lucky and apply the advice exposed on this link>>> lazycash1DOTcom

  • Muddy_Water

    According to BGR… 
    The vulnerabilities do not require a device to be jailbroken or rooted, and exploits can be performed with a simple file explorer. 

    10$ say the jailbreak community patch this before apple or facebook do.

  • Djelimon17

    What apps attempt to steal your credentials?

    I think that’s really the key question

  • Ari

    BGR is obviously wrong in the respect that while the data in unencrypted, it cannot be accessed by a simple file explorer since BSD jails would prevent you from reading those directories.