The news has been moving around the interwebs on how Gareth Wright found a security issue with Facebook on the iphone. Seems the key information needed to request and hold a token to Facebook is stored unencrypted in a plist file. Facebook claims that this is not a security risk since its stored in a directory that is not suppose to be accessible by any other application.

Facebook responded:

Facebook’s iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device….

Gareth responded on CNET:

Wright called Facebook’s statement “rubbish,” adding that the vulnerability is present on both jailbroken and non-jailbroken phones.

Although I have not tested this myself, given the number of times he was able to successfully access Facebook plists, I think I’m inclined to believe him.  Although I’m not one for connecting my iphone to ports I do not now, I will be even more careful.  However, what do you guys think?

The following is some of the means and devices Gareth created to access the plist.

After contacting Facebook and waiting for a reply took the liberty of  knocking together a few proof of concepts.

1) A hidden application which runs on shared PC’s Any device plugged in to charge has the Plist copied

2) A recompile of an open source iphone explorer like program with the added code

3) A saved game editing tool with the added code

4) A credit card sized hardware solution that takes all of two seconds to copy the plist should you have physical access to an iDevice

5)  A modified speaker dock

Over the course of a week over 1000 vulnerable plists were located and counted, though I hasten to add at no point was any data copied.

 

Leave a Reply

Your email address will not be published. Required fields are marked *