
Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)
Critical Thinking - Bug Bounty Podcast
00:00
How to Use a QR Code Scanner to Send Messages to an Attacker
I was looking at how it worked. And I was looking specifically at the method where it receives messages from the server. It would have like your local IP address, your port, an initial public key and then a nonce that gets tied together. And then those get generated and it uses essentially a rolling key from there. Each message sends back a new key that it uses to sign the next message and so forth. But because it has this fallback after, like, if it has an unknown message type, then it'll just reset that key. And then it will move forward. So then you could just say, "Oh, here's like bogus message type, reset the public key to my attacker