Sign into Your App Accounts with Facebook and Sina

Speaker: Ronghai Yang

Mainstream Identity Providers (e.g. Facebook, Sina) have adopted the OAuth 2.0 protocol to support Single Sign-On services. We will present several OAuth vulnerabilities, all of which can be exploited to sign into a victim’s mobile app account. These vulnerabilities have affected many popular third-party applications. Part of the results were demonstrated at Black Hat Europe 2016.
