Alpha1
Security researchers have discovered a way to target a huge number of Android and iOS apps that could allow them to remotely sign into any victim's mobile app account without any knowledge of the victim.
A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chinese University of Hong Kong has found [PPT] that most of the popular mobile apps that support single sign-on (SSO) service have insecurely implemented OAuth 2.0.
OAuth 2.0 is an open standard for authorization that allows users to sign in to other third-party services by verifying the existing identity of their Google, Facebook, or Chinese firm Sina accounts.
Read more:
https://www.blackhat.com/docs/eu-16...ion-Mobile-Apps-Effortlessly-With-OAuth20.pdf
http://thehackernews.com/2016/11/android-oauth-hacking.html