Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

OK Google: bypass the authentication! - 145

Mattia Vinci - Posted 6 Years Ago
  • A target application was built for the Google Assistant, which used voice controls.
  • There are two main vulnerabilities here: failing open and exception handling.
  • First, when the words "A capo" (Italian for newline) were spoken, the Google input device interpreted this as a legit newline ('\n'). The application assumed that the form had to have data inside of it, so this input caused a crash.
  • The default intent was not the authentication page but the main page of the application. Therefore, once the crash happened (from the newline), the app would reopen in the default intent!
  • Main things to take away: special characters, such as newlines and tabs, can cause major issues. Additionally, make sure all items fail closed, so that even if there is a crash, this bypass will not occur.
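
The fail-open versus fail-closed difference from the notes above, as an added example that is not code from the original post or the target application. Every name here (Session, auth_handler, the two dispatchers, the PIN) is a hypothetical, constructed stand-in for the app's authentication step and its crash recovery.

```python
# Constructed model of the flow described above; all names and values are hypothetical.
SECRET_PIN = "4821"  # constructed sample credential


class Session:
    def __init__(self):
        self.intent = "auth"          # conversation starts at the authentication step
        self.authenticated = False


def auth_handler(session, utterance):
    # Mirrors the bug: the handler assumes the input always contains data.
    first_word = utterance.split()[0]     # IndexError on "\n" or other whitespace-only input
    if first_word == SECRET_PIN:
        session.authenticated = True
        session.intent = "main"
        return "welcome"
    return "wrong pin"


def dispatch_fail_open(session, utterance):
    """Vulnerable: any crash restarts the app in the default intent, which is 'main'."""
    try:
        return auth_handler(session, utterance)
    except Exception:
        session.intent = "main"           # default intent is not the authentication page
        return "main menu"


def dispatch_fail_closed(session, utterance):
    """Hardened: validate input first and treat any crash as 'not authenticated'."""
    if not utterance.strip() or any(ord(c) < 32 for c in utterance):
        return "please repeat"            # empty or control-character input stays on auth
    try:
        return auth_handler(session, utterance)
    except Exception:
        session.intent = "auth"           # error path lands on the authentication step
        session.authenticated = False
        return "please authenticate"


def reaches_main(dispatch, utterance):
    """Return True if one utterance moves a fresh session to the main page."""
    session = Session()
    dispatch(session, utterance)
    return session.intent == "main"
```

In the hardened dispatcher the input check and the error path are independent: even if a different malformed input gets past validation and crashes the handler, the session still ends up back at authentication.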