Bell Smart Home – The importance of proper mobile testing
With a heavy push for native mobile apps in the last 10 years, there has been a large corresponding growth in the mobile appsec space. With the OWASP Mobile Top 10, which was initially released in 2014 and updated in 2016, many organizations have a framework to use to properly secure their APIs and mobile…
Account Hijacking – IoT edition
Following a legal threat from █████, Proack has decided to remove their name from this article. While we worked in good faith to responsibly disclose the vulnerabilities discussed below, and held the release of this article until fixes were implemented, █████ still decided to threaten us with legal action if we publicized the vulnerabilities we…
Insecure use of unique identifiers
In March 2020, our team started a couple of security research projects including participating in bug bounty programs, looking at IoT devices, and passively looking at mobile apps that have weak authentication and authorization controls. We came across one app called Remind, which is used by one of our team members to interact with their…