-
Intel Outside: Hacking every Intel employee and various internal websites
Hardcoded credentials, pointless encryption, and generous APIs exposed details of every employee and made it possible to break into internal websites.
Eaton -
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.
Eaton -
How 1 Exposed Honeywell API Gave me Control Over an Internal Engineering System
(ASPEN) APIs are crucial for web apps but pose security risks. I uncovered a critical flaw in Honeywell’s BEDQ system, highlighting the need for strong API security.
Eaton -
Gaining admin access to a Siemens cloud system
(ASPEN) Understanding the Risks of Client-Side Authentication: Why relying on client-side security isnโt enough.
Eaton -
Lessons in Securing Mobility Site Management APIs
(ASPEN) Mobile device management (MDM) systems are essential for large enterprises to track devices accessing the corporate network and ensure security. Read how a vulnerability on Johnson & Johnson’s Mobility Service Portal made it possible to access employee corporate devices.
Eaton