Facebook Moments (Android / Google Play) on Feb 2, 2017 (upd. on Feb 4th, 2017)

This application is available for Android. This app is designed to provide an easy way to get all the photos of yourself trapped on your friends’ phones. The latest build was released on February 2, 2017.

This release protects all data items transferred over the Internet with SSL certificate validation. All data items are vulnerable to interception (MITM attacks) using a crafted certificate that is installed on the device as trusted. All Android versions below 7 are affected; Android 7.0 and higher limits the power of user certificates.

Findings Summary

Our examination revealed 19 items in total: 8 DAR items and 11 DIT items. Among the DAR items there were 0 worst items, 8 bad items, 0 good items, and 0 best items. Among the DIT items there were 0 worst items, 0 bad items, 11 good items, and 0 best items.

Below you will find 2 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

Facebook Moments 15.0 (iOS / App Store) on Feb 2, 2017 (upd. on Feb 4th, 2017)

This application is available for iOS. This app is designed to provide an easy way to get all the photos of yourself trapped on your friends’ phones. The latest build was released on Feb 1st, 2017.

This release protects all data items transferred over the Internet with SSL pinning, which means the weakness applies only if you have a jailbroken device.

Findings Summary

Our examination revealed 21 items in total: 9 DAR items and 12 DIT items. Among the DAR items there were 0 worst items, 7 bad items, 2 good items, and 0 best items. Among the DIT items there were 0 worst items, 0 bad items, 12 good items, and 0 best items.

Below you will find 2 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.
