Ways to Die in Mobile OAuth

Explore the security vulnerabilities in OAuth implementation for mobile applications in this 47-minute Black Hat conference talk. Delve into an in-depth study that demystifies OAuth for mobile app developers, combining protocol documentation analysis and a field study of over 600 popular mobile apps. Discover alarming findings revealing that 59.7% of OAuth-using applications were incorrectly implemented and vulnerable. Examine key security-critical portions of OAuth protocol flows that confuse mobile developers, and learn from real-world examples of implementation pitfalls. Gain valuable insights into improving OAuth usage in mobile applications, based on lessons learned from communicating with vendors of vulnerable apps. Understand the challenges of repurposing and re-targeting OAuth from its original web-based authorization purpose to mobile platforms and authentication use cases.

1000 Ways to Die in Mobile Oauth