Nuki provides an electronic smart lock that integrates with existing keys and cylinders by simply being mount on top of them. It offers Bluetooth connectivity and can be accessed online with the help of a bridge device which connects to the local wireless network. We have taken both the Nuki Lock (version 1) and the Bridge (version 4) apart and will show what is inside these devices securing our doors. Read More...
Tink.de (also Tink.us) is an online store specialized in smart-home devices. It uses a highly customized version of the Magento eCommerce platform. We found a piece of JavaScript malware embedded in their web-site which, during 4 months (from mid-July to mid-November 2018), forwarded customer details (full name, credit card numbers, billing address, email, telephone) to a server in Russia, possibly to be sold later on the dark web. In this post we take a look at how the customers data was captured, leaked, and how attackers try to cover their tracks. Read More...
Sched.com is a popular event planning and management web-site. We discovered that the mobile version leaked API keys for all events, leading to the possibility of accessing password protected events, modifying any events and accessing all the stored data about speakers and registered users.