Facebook SDK Vulnerability Puts Millions of Users Accounts at Stake

Security researchers from MetaIntell, a leader in intelligence-led Mobile Risk Management (MRM), have found a major vulnerability in the latest version of the Facebook SDK that puts the authentication tokens of millions of Facebook users at stake.

The Facebook SDK is perhaps the easiest way for iOS and Android developers to integrate their mobile apps with Facebook. It provides support for logging in through the Facebook platform, reading from and writing to Facebook APIs, and much more.

Facebook's OAuth authentication, or “Login as Facebook”, is a secure way of signing in to third-party apps without sharing passwords. After the user has approved the permissions requested by the application, the Facebook SDK implements the OAuth 2.0 User-Agent flow to retrieve the user's secret access token, which the app needs in order to call Facebook APIs to read, write or modify the user's Facebook data on their behalf.

It is important not to share this secret token with anyone, but the Facebook SDK stores it in an unencrypted format that can be accessed easily.

Moreover, any third-party app with access to the device file system can easily read this file and steal the Facebook token remotely.

The MetaIntell team has already reported the vulnerability to Facebook, but Facebook does not appear to be in the mood to update its SDK and fix the issue. All current iOS and Android apps are vulnerable to this kind of attack.

To protect yourself from the Facebook SDK vulnerability, avoid logging in to third-party apps with your Facebook account. App developers are advised to remove users' secret access tokens from the device file system and move them to secure online storage over an encrypted channel.
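A developer-side check for the storage problem described above, as an added example that is not from the original article, MetaIntell or Facebook: it audits a copy of an app's own data directory, pulled from a test device, for token-like entries kept as plaintext in Android SharedPreferences XML or iOS property list files. The key-name pattern, file names and token values are constructed assumptions; the article does not name the file the SDK writes.

```python
import plistlib
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: key names that suggest an OAuth token (not taken from the SDK).
TOKEN_KEY = re.compile(r"(access|oauth|auth)[_\-.]?token", re.IGNORECASE)

def _xml_entries(path):
    """Yield (key, value) for <string> entries of an Android SharedPreferences file."""
    for node in ET.parse(path).getroot().iter("string"):
        yield node.get("name", ""), node.text or ""

def _plist_entries(path):
    """Yield (key, value) for top-level string entries of an iOS property list."""
    with open(path, "rb") as fh:
        data = plistlib.load(fh)
    yield from ((k, v) for k, v in data.items() if isinstance(v, str))

def audit_token_storage(root):
    """Return (relative path, key, value length) for plaintext token-like entries."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        reader = {".xml": _xml_entries, ".plist": _plist_entries}.get(path.suffix)
        if reader is None or not path.is_file():
            continue
        try:
            entries = list(reader(path))
        except Exception:  # unparsable or unexpected layout: skip the file
            continue
        for key, value in entries:
            if TOKEN_KEY.search(key) and value.strip():
                # Record only the length, so the report never contains the token.
                findings.append((path.relative_to(root).as_posix(), key, len(value)))
    return findings

def demo():
    """Build a constructed app-data tree (sample values only) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        prefs = Path(tmp, "shared_prefs")
        prefs.mkdir()
        (prefs / "session.xml").write_text(
            "<map><string name='access_token'>CONSTRUCTED-TOKEN-0001</string>"
            "<string name='theme'>dark</string></map>")
        with open(Path(tmp, "settings.plist"), "wb") as fh:
            plistlib.dump({"OAuthToken": "CONSTRUCTED-TOKEN-0002", "launches": 3}, fh)
        return audit_token_storage(tmp)
```

Any finding means a credential is readable by whatever can read that file; an empty result only shows that no entry matched the assumed key names.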

Fahad Saleem
