A feature in the Twitter API (application programming interface) can be abused by attackers to launch credible social engineering attacks that would give them a high chance of hijacking user accounts, a mobile application developer revealed Wednesday at the Hack in the Box security conference in Amsterdam.
The issue has to do with how Twitter uses the OAuth standard to authorize third-party apps, including desktop or mobile Twitter clients, to interact with user accounts through its API, Nicolas Seriot, a mobile applications developer and project manager at Swissquote Bank in Switzerland, said Thursday.
This is a potentially widespread issue that could affect common apps such as TweetDeck and Twitter for iOS. Seriot used the method to build a completely legitimate program that works with Adium, the Mac OS-based multi-protocol chat client, but believes the loophole could be used for nefarious purposes and could affect all users of API-based Twitter apps.
Read more on Seriot's development and its potential security risks at ARN here.