Discovery of a very serious flaw that could expose the data of more than two billion phones around the world!
In a bombshell piece of news, a group of security researchers has discovered a new way to take control of and steal the data of more than 2 billion mobile phones around the world, whether they run Android or iOS.
Ronghai Yang, Wing Cheong and Tianyu Liu (researchers from the Chinese University of Hong Kong) presented a research paper at the Black Hat Europe conference on Friday detailing a very serious flaw that affects a wide range of mobile applications relying on third-party single sign-on (SSO), that is, applications that let the user sign in by linking an account from a well-known site such as Facebook, Google or others, without entering a user name and password. This is done through the OAuth protocol.
The flaw lies in the way application developers use this protocol. The correct way to use it is as follows:
Here a proper implementation does two key things: first, it identifies the user (ID); second, it verifies the access token, which determines whether or not the user account linked to the application corresponds to the user's profile.
Here is the wrong way to use the protocol, through which a hacker can impersonate the user:
Unfortunately, many developers pay no attention to the second point. The first time the application is linked to one of the user's identity providers (Facebook, Google ...), both the ID and the access token are verified, but on later sign-ins the token is not checked and the ID alone is considered sufficient. This is the defect: if the attacker is able to replace the ID during the verification process, they can trick the application into granting them access.
The method is therefore easy to carry out: it relies on downloading vulnerable applications and finding victims' IDs (from Google or by guessing them at random).
In the same paper, the security team noted that the method was able to seize the user data associated with the application. Many banking services, buying and selling services, hotel services, some communication applications and others are victims of this flaw. The researchers confirmed that it will work on iOS as well if the application is vulnerable, although they did not try it on that system.
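The server-side check described above, shown beside the flawed version, as an added example that is not code from this article or from the researchers. The in-memory identity provider, `idp_introspect`, the token values, user IDs and app IDs are all constructed assumptions, and the check that the token was issued to this app goes beyond what the article states.

```python
# Constructed stand-in for an identity provider (IdP) such as Facebook or Google.
# Every token, user ID and app ID here is made up for illustration.
IDP_TOKENS = {
    "tok-attacker": {"user_id": "attacker-1001", "app_id": "shop-app"},
    "tok-victim": {"user_id": "victim-2002", "app_id": "shop-app"},
    "tok-other-app": {"user_id": "victim-2002", "app_id": "game-app"},
}
ACCOUNTS = {"attacker-1001": "attacker's orders", "victim-2002": "victim's orders"}
OUR_APP_ID = "shop-app"


def idp_introspect(access_token):
    """Hypothetical server-to-server call: ask the IdP who owns a token."""
    return IDP_TOKENS.get(access_token)


def login_vulnerable(claimed_user_id, access_token):
    """Flawed backend: trusts the ID sent by the mobile client, ignores the token."""
    return ACCOUNTS.get(claimed_user_id)


def login_hardened(claimed_user_id, access_token):
    """Backend that verifies the access token with the IdP on every sign-in."""
    info = idp_introspect(access_token)
    if info is None:
        return None  # unknown, expired or forged token
    if info["app_id"] != OUR_APP_ID:
        return None  # token was issued to a different application
    if info["user_id"] != claimed_user_id:
        return None  # client-supplied ID does not match the token's owner
    # The account is selected by the ID the IdP returned, never the client's.
    return ACCOUNTS.get(info["user_id"])


def demo():
    # Constructed request: a valid token for one account, with another
    # account's ID substituted in the message sent to the app's backend.
    tampered = ("victim-2002", "tok-attacker")
    return login_vulnerable(*tampered), login_hardened(*tampered)


if __name__ == "__main__":
    print(demo())
```
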