Egyptian expert in the field of information security, Mohamed Ramadan discovered a vulnerability in Facebook Camera app for iOS.
Application accepts any SSL certificate, creating a base for an attack of the ‘man in the middle.’
Versions prior to 1.1.2 (previously released 21/12/2012) provide unauthorized access to some data on your phone when connected via Wi-Fi.
In particular, an attacker can intercept transmitted e-mail address and password you used to log in to Facebook. So iPhone users run the risk of losing control of his account in Facebook.
Facebook camera app for iOS allows an attacker to find e-mail and password for the account of the victim
Mohammed Ramadan notes that Facebook has analyzed other applications for the presence of similar problems and did not find them. To check the possibility of attack through Facebook Camera He set up a proxy server through which data and tracked by Wi-Fi.
In Facebook confirmed the vulnerability existence, and recommended as soon as possible to update the Facebook Camera and not to be connected to doubtful Wi-Fi networks. Company representatives emphasized that they were not aware of a single case of the vulnerabilities found in the wild.
Filed under: IT Security News