This Hack Can Silently Break Into 1 Billion Android Apps | Forbes

"Hackers have an easy way into one billion Android app accounts, Hong Kong-based researchers claim at Black Hat Europe."

At a Black Hat Europe 2016 talk today, researchers claimed an attacker can abuse improper implementations of OAuth 2.0 in mobile apps to remotely impersonate any user account, access account data (e.g., banking details), and make in-app purchases with the user's payment information. Any mobile app security issue involving OAuth 2.0 is typically the result of a developer failing to follow best practices when implementing the protocol (rather than any weakness in the protocol itself). In a blog post, NowSecure VP of Risk and Privacy Ted Eull explains the hack, OAuth 2.0, and tips for how to get it right.

