Users of iOS smartphones and tablets have reason to worry again after an IT specialist revealed a simple way to intercept login credentials for Facebook and Dropbox accounts.
The data can then be used on another iOS device to access the victim’s accounts.
To succeed, a hacker needs physical access to the victim’s device, because the hacker has to copy the .plist file that is used to store login credentials. The operation is possible on all Apple devices and requires only a PC and the iExplorer application.
In a recent press release, Facebook explains that its client apps for iOS and Android devices are only tested with unmodified versions of the operating systems, using the native protection measures implemented by Apple. So only phones and tablets that are jailbroken are considered compromised and vulnerable to data theft. In reality, copying files from one device to another does not require a jailbreak.
What is more serious is that the login credentials are stored in unencrypted text format, which means that the .plist file only has to be transferred to another device. A person with bad intentions can do this manually or with the help of specialized software installed on a PC the victim has access to.
Apparently, Facebook is already working on fixing this problem, but until then iOS users are asked to avoid connecting their phone or tablet to computers that are not their own.
The Android version of the Dropbox application is not affected by this vulnerability. However, users of iOS phones and tablets are asked not to leave their devices unsupervised and to avoid connecting them to computers in public locations until the updated version of the application is available for download.