1000 Ways to Die in Mobile OAuth

by Yuan Tian, Eric Chen, Shuo Chen, Yutong Pei, Robert Kotcher, Patrick Tague Sept. 14, 2017 via www.blackhat.com submitted by belen_caty

OAuth has become a highly influential protocol due to its swift and wide adoption in the industry. The initial objective of the protocol was specific: it served the authorization needs of websites, letting a user grant one site limited access to resources held by another without handing over a password. However, the protocol has been significantly repurposed and re-targeted over the years: (1) all major identity providers, e.g., Facebook, Google and Microsoft, have re-purposed OAuth for user authentication, something the protocol was not designed to provide; (2) developers have re-targeted OAuth to mobile platforms, in addition to the traditional web platform, where the browser-centric assumptions of the original flows no longer hold. Therefore, we believe that it is necessary and timely to conduct an in-depth study to demystify OAuth for mobile application developers.

https://www.blackhat.com/us-16/briefings.html#1000-ways-to-die-in-mobile-oauth
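The abstract's point that OAuth was built for authorization and only later pressed into service for authentication is easiest to see in code. What follows is an added example, not code from the talk or its authors, and it does not reproduce any specific finding from the briefing. It contrasts a mobile app's backend that accepts any access token resolving to a user with one that first checks which client the token was issued to, and then shows the checks a relying party applies to an OpenID Connect ID token. The identity provider is simulated in-process; the token strings, client IDs, issuer name, signing key and the `userinfo`/`tokeninfo` helpers are all constructed stand-ins, not any real provider's API.

```python
"""
Added example (not from the Black Hat talk or its authors): an OAuth access
token is a bearer credential for calling an API, not proof of who is calling
the relying party.  The identity provider below is simulated with constructed
records so the script runs offline; CLIENT_ID, PROVIDER, PROVIDER_KEY and the
token strings are assumptions for the demo.
"""
import base64
import hashlib
import hmac
import json

NOW = 1_700_000_000                 # fixed clock so the demo is deterministic
CLIENT_ID = "honest-app"            # the relying party's own OAuth client ID (assumed)
PROVIDER = "https://idp.example"    # assumed issuer identifier
PROVIDER_KEY = b"demo-idp-signing-key"  # stand-in for the provider's signing key

# --- simulated identity provider (constructed data) -------------------------
# Every access token the provider has issued, and which client it was issued to.
_ISSUED = {
    "tok-honest-alice": {"sub": "alice", "client_id": "honest-app", "exp": NOW + 3600},
    "tok-evil-alice":   {"sub": "alice", "client_id": "evil-app",   "exp": NOW + 3600},
    "tok-honest-stale": {"sub": "alice", "client_id": "honest-app", "exp": NOW - 1},
}

def provider_userinfo(access_token, now=NOW):
    """Like a /userinfo or /me endpoint: any live token yields the user's profile."""
    rec = _ISSUED.get(access_token)
    if rec is None or rec["exp"] <= now:
        raise PermissionError("invalid or expired access token")
    return {"sub": rec["sub"]}

def provider_tokeninfo(access_token, now=NOW):
    """Like a token-introspection endpoint: also reports the token's audience."""
    rec = _ISSUED.get(access_token)
    if rec is None or rec["exp"] <= now:
        raise PermissionError("invalid or expired access token")
    return dict(rec)

# --- relying party (the mobile app's backend) -------------------------------
def login_vulnerable(access_token):
    """Trusts any token that resolves to a user.  A token the victim granted to a
    *different* app still resolves to the victim, so it logs the attacker in as her."""
    return provider_userinfo(access_token)["sub"]

def login_hardened(access_token):
    """Uses the token as identity only if it was issued to this client."""
    info = provider_tokeninfo(access_token)
    if info["client_id"] != CLIENT_ID:
        raise PermissionError("token was issued to a different client")
    return info["sub"]

# --- ID tokens: the artefact that was actually designed for authentication --
def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_id_token(sub, aud, nonce, exp, iss=PROVIDER, key=PROVIDER_KEY):
    """Provider side: HMAC-signed JWT (HS256 stand-in for the RS256 a real IdP uses)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"iss": iss, "sub": sub, "aud": aud,
                               "nonce": nonce, "exp": exp}).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_id_token(token, expected_nonce, now=NOW, key=PROVIDER_KEY):
    """Relying party side: algorithm, signature, issuer, audience, expiry and nonce."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    if json.loads(_unb64(header)).get("alg") != "HS256":   # never trust alg from the token
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims.get("iss") != PROVIDER:
        raise PermissionError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise PermissionError("token audience is not this client")
    if claims.get("exp", 0) <= now:
        raise PermissionError("expired")
    if claims.get("nonce") != expected_nonce:
        raise PermissionError("nonce mismatch (replayed token)")
    return claims["sub"]

if __name__ == "__main__":
    print("vulnerable backend accepted:", login_vulnerable("tok-evil-alice"))
    try:
        login_hardened("tok-evil-alice")
    except PermissionError as e:
        print("hardened backend rejected:", e)
```

The audience check is the one that matters on mobile: the backend cannot see which app on the phone obtained the token, so it has to ask the provider, or read it out of a signed ID token, rather than infer it from the fact that the token works.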

Steven Ulm 1 month ago

Haha, good title :) Happy, though, that there are only 1000 ways - there could have been 10000 ... or more!
