Facebook for Android vulnerable to simple snooping tricks

Facebook's Android app has some serious security issues, according to a computer science professor at Rice University. Professor Dan Wallach and his students set up simple sniffers using freely available software (including Wireshark and Mallory) and found that Facebook for Android sends a lot of data in the clear, that is, unencrypted. That means it's possible -- easy, even -- for people to eavesdrop on your Facebook postings.

Even more troubling is Wallach's finding that the lack of OAuth or another signature method in Facebook for Android means someone could theoretically post to your Facebook account. There's also a possible SQL injection vulnerability which could cause all kinds of trouble.

To protect yourself from potential exploits, you can sign into the secure version of Facebook's site -- https://www.facebook.com -- and get a third-party encryption app that will let you use the secure site by default. Hopefully Facebook will quickly address these issues and release an updated, more secure version of the Android app. 
