Facebook Security Issue on Jailbroken iOS Devices

It was revealed today that there is a security issue with the Facebook apps for iOS and Android, where any knowing wrong-doers could steal your Facebook log in credentials, through some type of hole in the security. Apparently, the information is not encrypted properly, when being entered, and if you know what you’re doing, you can easily steal this info via USB, or through a downloaded app.

Facebook has come forward to comment on the issue and they have said this issue is only present in “compromised” devices.

“Facebook’s iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device. We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.”

Representatives for Facebook previously said they were looking into the issue, but now it seems they are saying “it’s not our fault”. Since the above statement was released, they have said they are looking at ways to fix this on all devices. Accessing you info via USB can’t be fixed, but they are looking at ways to stop malicious apps from stealing your info. We have seen in the past that some jailbreak developers often release their own patches for these vulnerabilities, so keep checking Cydia for a fix. 😉

[via ZDNet]