OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking [telecom]

OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking

by Michael Mimoso

Third-party applications that allow single sign-on via Facebook and
Google and support the OAuth 2.0 protocol are exposed to account
hijacking. Three Chinese University of Hong Kong researchers presented
at Black Hat EU last week a paper called "Signing into One Billion
Mobile App Accounts Effortlessly with OAuth 2.0." The paper describes
an attack that takes advantage of poor OAuth 2.0 implementations and
puts more than one billion apps in jeopardy.

https://threatpost.com/oauth-2-0-hack-exposes-1-billion-mobile-apps-to-account-hijacking/121889/
