- Feb 4, 2016
- 2,520
Gmail is the world's most popular email service, it is also known as one of the most secure. But a dangerous exploit might make you rethink how you want to use the service in future.
In an eye-opening blog post, security researcher Youssef Sammouda has revealed that Gmail's OAuth authentication code enabled him to exploit vulnerabilities in Facebook to
hijack Facebook accounts when Gmail credentials are used to sign in to the service. And the wider implications of this are significant.
Speaking to The Daily Swing, Sammouda explained that he was able to exploit redirects in Google OAuth and chain it with elements of Facebook's logout, checkpoint and sandbox systems to break into accounts. Google OAuth is part of the 'Open Authorization' standard used by Amazon, Microsoft, Twitter and others which allows users to link accounts to third-party sites by signing into them with the existing usernames and passwords they have already registered with these tech giants.