Recently, security researcher Gareth Wright discovered a serious loophole in Facebook’s iOS app. Basically, anyone who has access to your iOS device and a computer can get into the device and retrieve personal information using a free tool called iExplorer.
This tool is not the culprit, though. iExplorer lets you access system files on an iOS device, whether or not the device is jailbroken.
Facebook and Dropbox store unencrypted text files containing your information within the root folders of your iPhone (or other device’s) System directory. Even though you can’t access these files directly from iOS, this backdoor hack allows someone with the right tools and time to go in and retrieve them. TheNextWeb weighed in, confirming that this security risk is present in Dropbox’s app as well.
Since this was discovered, Facebook has issued the following statement:
Facebook’s iOS and Android applications are only intended for use with the manufacturer provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device.
We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device.
Obviously Facebook has NO clue this free (popular) iExplorer tool exists. We’ve shown you different tutorials involving iExplorer in the past. So it’s up to Facebook and Dropbox to notice the problem and fix it. The main issue here is that all the data is unencrypted.
Don’t worry about any “remote” hacking. Someone actually has to physically have YOUR device in their possession to be able to pull this off. So unless you lose your device or sell it without restoring it to defaults, you’re probably going to be just fine. The problem here lies with these apps and not iOS.
I’m sure we’ll be seeing some updates coming through to the App Store soon…