1 Billion Mobile Apps Exposed To Account Hijacking Through OAuth 2.0 Flaw (threatpost.com)
Threatpost, the security news service of Kaspersky Lab, is reporting a new exploit which allows hijacking of third-party apps that support single sign-on from Google or Facebook (and support the OAuth 2.0 protocol). msm1267 quotes their article:
Three Chinese University of Hong Kong researchers presented at Black Hat EU last week a paper called "Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0"... The researchers examined 600 top U.S. and Chinese mobile apps that use OAuth 2.0 APIs from Facebook, Google and Sina -- which operates Weibo in China -- and support single sign-on for third-party apps. The researchers found that 41.2% of the apps they tested were vulnerable to their attack... None of the apps were named in the paper, but some have been downloaded hundreds of millions of times and can be exploited for anything from free phone calls to fraudulent purchases.
"The researchers said the apps they tested had been downloaded more than 2.4 billion times in aggregate."
There are all these backdoors in products, routers, hard drive firmware. Some are intentionally placed there, some were discovered and never fixed. And it's supposed to be OK, because the USA is the leader of the free world and it would never abuse these for evil. What Snowden called "turnkey tyranny".
And now you have Trump as leader. Elected with the help of Russian Hackers and Russian Propagandists. A man with extensive hidden business interests in Russia.
And his strategist, Paul Manafort, the man who put Russian puppet leader Viktor Yanukovych into Ukraine, is the same man who orchestrated Trump's election, same trick too: divide the country, appeal to extreme nationalists.
So the tyranny key has been turned and you are paralyzed as your country is annexed.
But the rest of the world has a serious problem, because of General Alexander and his dicks, putting backdoors everywhere, and concealing known flaws from his own country and its allies. We, rather urgently, need to protect ourselves from your annexation.