Facebook App Bug Can Steal Your Account Info—If a Hacker Grabs Your Phone

A new spookyscary security hole has been discovered in the Facebook and Dropbox apps for iOS and Android. But you shouldn't worry about it unless you give your phone to a hacker or someone steals it.

Here's how it works: If a hacker physically gets access to your phone, he or she would be able to connect it to a computer and access your file system. Then they could export a simple text file with all of your account data because Facebook and Dropbox aren't encrypting your data on your phone. That means anyone with access to the phone could just copy the data and view it. Other information in your phone is encrypted, so it remains secure. Facebook an Dropbox only need to encrypt these files to solve the situation.

But the thing is, your phone needs to be physically accessed in order for this to work. So this only really a problem if you leave your phone unattended. So don't worry about this unless you make a habit of leaving your phone all by itself in rooms full of hackers. [TNW]

Update: Dropbox issued a statement saying its Android app isn't affected by this bug:

"Dropbox's Android app is not impacted because it stores access tokens in a protected location. We are currently updating our iOS app to do the same. We note that the attack in question requires a malicious actor to have physical access to a user's device. In a situation like that, a user is susceptible to all sorts of threats, so we strongly advise safeguarding devices."