Over A Billion Apps Can Be Hacked With This Simple Hack

Security researchers from the Chinese University of Hong Kong have discovered a way to target a huge number of Android apps that could allow them to remotely sign into any victim’s mobile app account without any knowledge of the victim.


They discovered that most of the popular Android apps that support single sign-on (SSO) service have implemented OAuth 2.0 the awfully wrong way.

OAuth 2.0 is an open standard for authorization that allows app users to log in to other third-party services by verifying the existing identity of their Google, Facebook, or Microsoft accounts.

This process enables users to sign in to any service without providing additional usernames or passwords.

How are app developers supposed to implement OAuth? (The Right Way)


Usually when a user signs into a third-party app via OAuth, the app verifies with the ID provider, let’s say, Facebook, that it has correct authentication details. If it does, OAuth will receive an ‘Access Token’ from Facebook which is then issued to the server of that mobile app.

Once the access token has been issued, the app server asks for the user’s authentication information from Facebook, verifies it and then lets the user sign in with his/her Facebook credentials.

How are most app developers really implementing OAuth? (The Wrong Way)


The researchers found that the developers of a massive number of Android apps did not properly verify the validity of the information sent from the ID provider, like Facebook or Google. 

Instead of verifying the OAuth information (Access Token) attached to the user’s authentication information to validate if the user and ID provider are linked, the app server would only check for the user ID retrieved from the ID provider.

Due to this error, remote hackers can download the vulnerable app, log in with their own information and then change their username to the individual they want to target (which the hackers could guess or Google) by setting up a server to modify the data sent from Facebook, Google or other ID providers.

Once done, this would grant the snoop total control of the data held within the app. 

The impact? If hackers broke into a victim’s travel app, they could learn the schedules of the victim; if they broke into a hotel booking app, they could book a room for themselves and have the victim pay; or they could simply steal the victim’s personal data, such as residential address or bank details.
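The server-side check described above, as an added example that is not from the researchers or from any affected app. The in-memory token table stands in for the ID provider's token-inspection call, and every name in it (`APP_ID`, `idp_inspect`, the tokens and user IDs) is a constructed assumption. The check that the token was issued to this app goes one step beyond what the article spells out.

```python
APP_ID = "example-app"  # hypothetical client ID registered with the ID provider

# Constructed stand-in for the ID provider's token-inspection endpoint:
# maps an access token to the app it was issued for and the user it belongs to.
IDP_TOKENS = {
    "tok-alice": {"app_id": "example-app", "user_id": "1001"},
    "tok-bob": {"app_id": "example-app", "user_id": "1002"},
    "tok-other": {"app_id": "some-other-app", "user_id": "1001"},
}


def idp_inspect(access_token):
    """Server-to-server lookup; a real backend would call the provider over TLS."""
    return IDP_TOKENS.get(access_token)


def login_vulnerable(request):
    """The flaw described above: the user ID in the request is trusted as-is."""
    return request["user_id"]  # access token is never checked with the provider


def login_hardened(request):
    """Derive identity from the token; reject what the provider does not confirm."""
    info = idp_inspect(request.get("access_token", ""))
    if info is None:
        return None  # unknown, expired or forged token
    if info["app_id"] != APP_ID:
        return None  # token was issued to a different app
    claimed = request.get("user_id")
    if claimed is not None and str(claimed) != info["user_id"]:
        return None  # client-supplied ID disagrees with the provider's answer
    return info["user_id"]  # session is bound to the provider-confirmed ID only


# Constructed requests as they might arrive at the app backend.
HONEST = {"access_token": "tok-bob", "user_id": "1002"}
MISMATCH = {"access_token": "tok-bob", "user_id": "1001"}  # ID altered in transit

if __name__ == "__main__":
    for name, req in (("honest", HONEST), ("mismatch", MISMATCH)):
        print(name, "vulnerable:", login_vulnerable(req),
              "hardened:", login_hardened(req))
```

A mismatch rejected by the hardened path is also worth logging, since an honest client never produces one.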

“The OAuth protocol is quite complicated,” Lau told Forbes. “A lot of third party developers are ma and pa shops, they don’t have the capability. Most of the time they’re using Google and Facebook recommendations, but if they don’t do it correctly, their apps will be wide open.”

The researchers have found hundreds of popular US and Chinese Android apps that support SSO service with a total of over 2.4 billion downloads that are vulnerable to this issue.

Considering the number of users who opt for OAuth-based logins, researchers estimate that over a billion different mobile app accounts are at risk of being hijacked with their attack.

The researchers did not test their exploits on iPhones, but they believed that their attack would work on any vulnerable app sitting on Apple’s iOS mobile operating system. 

“Although our current attack is demonstrated over the Android platform, the exploit itself is platform-agnostic: any iOS or Android user of the vulnerable mobile app is affected as long as he/she has used the OAuth2.0-based SSO service with the app before,” the researchers said.

Yang and Lau presented their research paper, titled “Signing into One Billion Mobile App Accounts Effortlessly with OAuth2.0”, at the Black Hat Europe conference on Friday.

Source - The Hacker News

Michael Ajah is a Computer Science student of the University of Port Harcourt and a Chelsea fan. He loves RnB and a little mix of Trap Music. An awesome tech reviewer and analyst.


Download Stickers For WhatsApp – The Best Collection Of Whatsapp Stickers On The Web

WhatsApp just added support for sticker packs, but unfortunately it doesn’t come with a lot of stickers, which means you have to download apps from the Google Play Store to get new stickers.


    If you are the kind of person who loves stickers, the downside of this is that you’ll end up having too many apps on your phone just for stickers. I decided to look for a workaround for this and luckily I found it.

    I have converted the best collection of stickers from Telegram for use on Whatsapp. So let me guide you on what to do to be able to use this method.


    How To Add Your Own Stickers To Whatsapp

    • Download Personal Stickers For WhatsApp App From Here
    • Download Xplore App From Here
    • Download Your Choice Of Stickers From The Sticker List Below
    • Extract The Folder Using Xplore App 
    • Create A New Folder On The Root Of Your Device
    • Copy The Stickers From The PNG Folder To The Folder You Created
    • Place Your Files On The Root Of Your Device (It shouldn’t be inside any folder)
    • Launch The Personal Stickers App
    • Wait For The Folder Name To Show
    • Select Add Stickers To Whatsapp And Wait
    • You’ll get a success message, launch Whatsapp and you can see your stickers.

    Whatsapp Sticker Packs (Converted From Telegram)


    1. Bill Gates Whatsapp Sticker Pack
    2. Elon Musk Whatsapp Sticker Pack
    3. The Kardashians Whatsapp Sticker Pack
    4. Captain America Whatsapp Sticker Pack
    5. American Dad Whatsapp Sticker Pack

    Request A Sticker Pack

    This page would be updated regularly. If there’s a particular sticker pack you want, send me a mail at [email protected] and I’ll try my best to upload it here. Cheers.


    How To Fix Facebook App Crashing On Android Smartphones

    The main Facebook app is a data hog, drains battery and eats up storage space, and most times it ends up crashing whenever you open it on your smartphone. I’ve actually switched to Facebook Lite to save my phone from that endless torment.

    There are a couple of ways to fix the crashing on your phone. This method may also work for other apps.

    Method 1

    Update Your Facebook to the latest version

    Method 2: Clear App Cache

    1. Open Settings.
    2. Tap Apps.
    3. Navigate to Facebook app.
    4. Tap to open Options.
    5. Tap Clear Cache and then Clear Data.
    6. Restart your device and try out Facebook app again.

    Method 3: Reinstall Facebook App

    Uninstall the current Facebook app you have on your device, then go back to the Google Play Store and reinstall it. Log in with your Facebook ID and everything should be back to normal.

    Method 4: Download  Facebook Lite

    Simply download Facebook Lite from the Play Store.
