New Facebook App Vulnerability Lets You Easily Hack into People's Accounts!
Recently, a security hole in the Facebook iPhone & Android app was discovered by Gareth Wright. Wright was poking around the Facebook app when, shockingly, he found that the Facebook login credentials were stored unencrypted in a .plist file! He sent the file to his friend, who put it on his iPhone and was immediately logged into Wright's account! Wright contacted Facebook, who said that they will be fixing this soon (but didn't give a date). This hack is actually quite simple; your victim's device does have to be jailbroken, though. Here's how to do it!
NOTE: This hack also works on Androids, but since I don’t own an Android, I can’t show you how 😦
Requirements
The victim's iDevice must be Jailbroken
You need an iDevice (Jailbroken)
A Computer
Instructions
1. Plug your victim's iDevice into your computer. Open up DiskAid and navigate to /var/mobile/Applications/. You will have to find the folder the Facebook app is in, though (this may take time depending on how many apps the user has…)
2. Once you’ve located the Facebook folder go to Library > Preferences >
3. Copy com.facebook.Facebook.plist to your computer.
4. Unplug the victim's iDevice from your computer and plug in YOUR iDevice. Navigate back to the same folder and drop his com.facebook.Facebook.plist file onto your device. Open up your Facebook app and you will be logged into their account!
You will be logged into the Facebook account until the year 4000! The scary thing would be if someone codes software to get this file remotely (it wouldn’t be hard). Someone probably already has. Be careful about plugging your device into “Charging Stations” and untrusted computers, or you could be a victim of this attack!!!
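For app developers, the flaw described above (a login credential kept in plaintext in a preferences .plist, valid until the year 4000) is something you can check for in your own app's data. The following is an added example, not code from the original post or from Facebook: the function name `audit_plist`, the key-name pattern, the 90-day lifetime policy and every key and value in the sample plist are assumptions constructed for illustration.

```python
import plistlib
import re
from datetime import datetime, timedelta

# Key-name hints that a preference entry holds a credential (assumed heuristic).
SECRET_KEY = re.compile(r"token|secret|passw|session|oauth|auth", re.I)
MAX_LIFETIME = timedelta(days=90)  # assumed policy for how long a stored login may live

def audit_plist(data: bytes, now: datetime):
    """Return sorted (key_path, reason) findings; stored values are never returned."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")
        elif isinstance(node, datetime):
            # Any date far beyond the policy window is treated as a long-lived expiry.
            if node - now > MAX_LIFETIME:
                findings.append((path, f"expiry in year {node.year} exceeds policy"))
        elif isinstance(node, (str, bytes)) and node:
            name = path.rsplit("/", 1)[-1]
            if SECRET_KEY.search(name):
                findings.append((path, "credential-like value stored in plaintext"))

    walk(plistlib.loads(data), "")
    return sorted(findings)

# Constructed sample: key names and values are made up, not taken from the real app.
SAMPLE = plistlib.dumps({
    "ExampleAccessTokenKey": "CONSTRUCTED-TOKEN-VALUE",
    "ExampleExpirationDateKey": datetime(4001, 1, 1),
    "ExampleLastRefresh": datetime(2012, 4, 1),
    "ExampleProfile": {"name": "Test User", "sessionSecret": "CONSTRUCTED"},
    "ExampleShowTips": True,
})

if __name__ == "__main__":
    for path, reason in audit_plist(SAMPLE, now=datetime(2012, 4, 5)):
        print(f"{path}: {reason}")
```

Findings like these are the cue to move the value out of the preferences file into the platform's credential store (the Keychain on iOS) and to give it a short lifetime.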