Vulnerabilities tagged "account-takeover"

Megafeis-palm: Exploiting Vulnerabilities to Open Bluetooth SmartLocks

A long, fairly beginner friendly post about attacking a Bluetooth lock, there is a lot of process information here as it was an intern's research project. What the vulnerability comes down to though is a lack of any real authoization checking instead only validating the integrity (poorly!) of the request and trusting the app did all the heavy lifting.
 
1
2