Account Hijacking – IoT edition
Following a legal threat from █████, Proack has decided to remove their name from this article. While we worked in good faith to responsibly disclose the vulnerabilities discussed below, and held the release of this article until fixes were implemented, █████ still decided to threaten us with legal action if we publicized the vulnerabilities we…
Insecure use of unique identifiers
In March 2020, our team started a couple of security research projects including participating in bug bounty programs, looking at IoT devices, and passively looking at mobile apps that have weak authentication and authorization controls. We came across one app called Remind, which is used by one of our team members to interact with their…