Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

RCE via Samsung Galaxy Store App- 283

Ken Gannon - FSecure. Posted 5 years ago
  • The bug stems from a Samsung store URL being loaded over HTTP instead of HTTPS. Because of this, a crazy Person in the Middle (PiTM) attack can be performed. This attack therefore requires that the victim is on an attacker-controlled WiFi network.
  • The HTTP URL is found within a NFC tag that the user scans. Once this is scanned, the NFC tag can guide a user to either open an app or download an app.
  • When some JavaScript is run from the HTTP URL, an attacker can intercept the request and make the user download a malicious application.
  • This vulnerability looks really flashy but is quite theoretical. To make this exploit work, the following has to happen: a user must be on an attacker-controlled WiFi network AND must scan an attacker NFC tag. A vuln's a vuln, but this one does require quite a bit of user-specific interaction to pull off.