Thanks for that. Not super worried about people knowing my location or games I played :p

However, this is of interest:

>and in some cases (which affected millions of users) completely take over Twitter and Facebook accounts

How is that possible? Are we going to see mass defacements/malware links or other bad stuff on Twitter and Facebook as a result?

Also what is meant by 'take over'? Surely it doesn't mean from a UDID alone, a hacker could log into that associated account with full permissions?

I'm assuming any scripted attack would only have the permissions that any other FB/Twitter app has, and could be blocked in App settings if it started doing 'bad stuff'?



I found vulnerabilities in two social gaming networks that let you take control of people's Facebook and Twitter accounts using _just_ the UDID. I never published the details of these vulnerabilities, but you can find an official acknowledgement from at least one of these companies (Chillingo of Angry Birds fame) in this WSJ piece:

http://blogs.wsj.com/digits/2011/09/19/privacy-risk-found-on...


By "Take control of..." you mean "act with the permissions of the app", I assume? I can't see how Angry Birds the app would ever have full control over my Facebook account unless there's a catastrophic vuln. in the Facebook API.


Angry Birds was made by Rovio, not Chillingo.

Chillingo is a publisher of 3rd rate knockoffs.


Chillingo is the publisher of the original Angry Birds, and it's their social network (which is integrated with Angry Birds and therefore on millions of devices) that had the vulnerability.
