Facebook for Android vulnerable to simple snooping tricks
Facebook's Android app has some serious security issues, according to a computer science professor at Rice University. Professor Dan Wallach and his students set up simple sniffers using freely-available software (including Wireshark and Mallory) and found that Facebook for Android sends a lot of data in the clear. That means it's possible -- easy, even -- for people to eavesdrop on your Facebook postings. Even more troubling is Wallach's finding that the lack of OAuth or another signature method in Facebook for Android means someone could theoretically post to your Facebook account. There's also a possible SQL injection vulnerability which could cause all kinds of trouble.
To protect yourself from potential exploits, you can sign into the secure version of Facebook's site -- https://www.facebook.com -- and get a third-party encryption app that will let you use the secure site by default. Hopefully Facebook will quickly address these issues and release an updated, more secure version of the Android app.

Comments (2)

@davey_lad, Feb 24th 2011 4:06PM
Thankfully, anybody snooping on my Facebook activity will be met with either nothing for days or a torrent of utter shite!
If they were to snoop on my Twitter activity however, it would be the exact opposite.
richard.gailey, Feb 24th 2011 4:59PM
Correct me if I'm wrong, but I know that the web-based version of Facebook allows https communication (although annoyingly a lot of apps won't work with this and ask you to disable it, like RSS re-direct links etc) but the mobile versions still don't have this as a security option.
Is this down to slack official Facebook mobile application developers or something else?
I think Firesheep pointed out the weaknesses in Facebook and general wi-fi communication and they have just focused on a single popular application.