Ep. 12 – Timing Attacks & Mobile OAuth Hijack: When Microseconds and Misflows Betray You
Impossible d'ajouter des articles
Échec de l’élimination de la liste d'envies.
Impossible de suivre le podcast
Impossible de ne plus suivre le podcast
Ep. 12 – Timing Attacks & Mobile OAuth Hijack: When Microseconds and Misflows Betray You
-
Lu par :
-
De :
À propos de ce contenu audio
A few microseconds. One silent browser session. That’s all it took for attackers to break into systems without tripping a single alert.
In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we explore two subtle but devastating flaws:
🔹 Timing Attacks for Token Leaks – By measuring microsecond delays, attackers were able to recover secrets, without seeing them in responses.
🔹 OAuth Hijack via Mobile App Flows – A crafted app abused in-app browser sessions and custom URL schemes to silently steal valid login tokens from users on iOS.
These aren’t theoretical bugs—they were found in the wild and affect real apps. If you build or test auth systems, this episode is for you.
Chapters:
00:00 - INTRO
01:11 - FINDING #1 - Timing Leaks That Speak Volumes
06:56 - FINDING #2 - Hijacking Mobile OAuth with One Silent Redirect
13:06 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → podcast@quailu.com.au
🔗 Podcast Website → Website Link
Vous êtes membre Amazon Prime ?
Bénéficiez automatiquement de 2 livres audio offerts.Bonne écoute !
