An Interest In:
Web News this Week
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
- April 12, 2024
Some of Our Sources
- Slashdot
- Engadget
- Smashing Magazine
- Inspiredology
- Crazy Leaf Design
- My Ink Blog
- Web Design Ledger
- Wal You
- Android Dissected
- Android Headlines
Help Webnuz
Referal links:
November 13, 2016 04:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/uiRzpTL9NDo/1-billion-mobile-apps-exposed-to-account-hijacking-through-oauth-20-flaw
1 Billion Mobile Apps Exposed To Account Hijacking Through OAuth 2.0 Flaw
Threatpost, the security news service of Kaspersky Lab, is reporting a new exploit which allows hijacking of third-party apps that support single sign-on from Google or Facebook (and support the OAuth 2.0 protocol). msm1267 quotes their article:Three Chinese University of Hong Kong researchers presented at Black Hat EU last week a paper called "Signing into One Billion Mobile LApp Accounts Effortlessly with OAuth 2.0"... The researchers examined 600 top U.S. and Chinese mobile apps that use OAuth 2.0 APIs from Facebook, Google and Sina -- which operates Weibo in China -- and support single sign-on for third-party apps. The researchers found that 41.2% of the apps they tested were vulnerable to their attack... None of the apps were named in the paper, but some have been downloaded hundreds of millions of times and can be exploited for anything from free phone calls to fraudulent purchases. "The researchers said the apps they tested had been downloaded more than 2.4 billion times in aggregate."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/uiRzpTL9NDo/1-billion-mobile-apps-exposed-to-account-hijacking-through-oauth-20-flaw
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot