OAuth2.0 implementation flaw allows attackers to pop Android users’ accounts (Help Net Security)
2016-11-08 21:03

Incorrect OAuth2.0 implementation by third-party mobile app developers has opened users of those apps to account compromise, three researchers from the Chinese University of Hong Kong have discovered.

The exploit

The flaw can be exploited remotely, with no involvement and/or awareness of the victim. The attacker has to set up an SSL-enabled MITM proxy for his device and a vulnerable third-party app on his device. When he goes to sign into the mobile app …


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/uBf7eHwUsKE/

Related vendor

LAST 12M

VENDOR    #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Android   4            0     17       2      0          19