December 24, 2012 11:51 pm GMT

Security Loophole In Facebook's Camera App Allowed Hackers To Hijack Accounts Over WiFi

PSA to all Facebook Camera users on iOS: If you haven’t updated your app in the past few days, update it now. The older version of the app, pre-1.1.2 and released before December 21, has a security loophole. When used over WiFi networks, malicious hackers can tap the network and hijack Camera users’ accounts, picking up information like email addresses and passwords in the process.

The white-hat hacker who ID’d the problem is Mohamed Ramadan, an Egypt-based security researcher and trainer with Attack-Secure who has also found and reported vulnerabilities for Apple, Google, and Etsy, which apparently also had the same loophole in its iOS app.

Ramadan tells us that the issue lay in the Camera app’s handling of Secure Sockets Layer (SSL) certificates, which was too open. As he puts it, “The problem is the app accepts any SSL certification from any source, even evil SSL certifications and this enables any attacker to perform Man in The Middle Attack against anyone uses Facebook Camera App for iPhone. This means that the application doesn't warn the user if someone in the same [WiFi network] trying to hijack his Facebook account.”

Testing his theory by using a proxy to listen in on a WiFi network, he typed his username and password into the Camera app and then saw that information appear via the proxy. Ramadan notes that he’s tested all Facebook apps and the rest appear to be protected against this vulnerability. We’ve reached out to Facebook for comment but haven’t received a response.

Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/jUJWQxdqgCY/
