Over 1 Billion Mobile App Accounts can be Hijacked Remotely with this Simple Hack (OAuth)


Security researchers have discovered a way to target a huge number of Android and iOS apps that could allow an attacker to remotely sign into any victim's mobile app account without the victim's knowledge.

A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chinese University of Hong Kong has found [PPT] that most of the popular mobile apps that support single sign-on (SSO) service have insecurely implemented OAuth 2.0.

OAuth 2.0 is an open standard for authorization that allows users to sign in to third-party services by verifying their existing identity with their Google, Facebook, or Chinese firm Sina accounts.
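To make the sign-in flow described above concrete, here is an added illustration (not code from the article, the researchers, or any of the apps involved) of the server-side step that an app backend performs after the mobile client hands it an OAuth 2.0 access token. The identity provider, its introspection response, the client ids and the user ids are all constructed in memory for the example; the two backend functions contrast a backend that trusts the user id the client sends with one that derives identity only from the identity provider's answer and checks the token was issued to this app.

```python
"""Added example: OAuth 2.0 SSO login verification on an app backend.
Everything here (IdP, tokens, client ids, users) is constructed for illustration."""
from typing import Optional

# Constructed IdP state: access_token -> (user id, client id the token was issued to)
IDP_TOKENS = {
    "tok-alice-photoapp": ("alice", "photoapp"),
    "tok-mallory-otherapp": ("mallory", "otherapp"),
}


def idp_introspect(access_token: str) -> Optional[dict]:
    """Simulates an identity provider's token-introspection / userinfo endpoint.
    The response shape (active, sub, aud) is an assumption for this example."""
    entry = IDP_TOKENS.get(access_token)
    if entry is None:
        return None
    user_id, audience = entry
    return {"active": True, "sub": user_id, "aud": audience}


OUR_CLIENT_ID = "photoapp"  # the client id the IdP registered for this app (constructed)


def vulnerable_sso_login(claimed_user_id: str, access_token: str) -> Optional[str]:
    """Insecure pattern: the backend only checks that some token is valid at the IdP,
    then opens a session for whatever user id the mobile client claimed."""
    info = idp_introspect(access_token)
    if info is None or not info["active"]:
        return None
    return claimed_user_id  # identity never bound to the token that was presented


def hardened_sso_login(access_token: str) -> Optional[str]:
    """Hardened pattern: identity comes only from the IdP's answer about the token,
    and the token must have been issued to this app (audience check)."""
    info = idp_introspect(access_token)
    if info is None or not info["active"]:
        return None
    if info["aud"] != OUR_CLIENT_ID:
        return None  # token issued to a different app: refuse it
    return info["sub"]


if __name__ == "__main__":
    # A valid token for another app combined with a claimed user id: the insecure
    # backend signs in as the claimed user, the hardened backend refuses.
    print(vulnerable_sso_login("alice", "tok-mallory-otherapp"))  # alice
    print(hardened_sso_login("tok-mallory-otherapp"))             # None
    print(hardened_sso_login("tok-alice-photoapp"))               # alice
```

The point to take from the contrast is that the backend's session identity must come from the identity provider's verified statement about the token, never from a field the client supplies, and that the audience check stops a token obtained for one app from being replayed against another.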

