Stay up to date with Payatu blog
“MyMiko” – Responsible Vulnerability Disclosure
This is another of my cases of a vulnerable IoT device. In my previous blogs, we talked about vulnerabilities that were found in a smart lock and beacons. This one is a fun device, which is made for kids to learn to code and play with. I don't have access to the device, so I just checked the mobile app and found a series of vulnerabilities. These are my findings on a connected smart toy, MyMiko by Emotix, from their Android app.

Finding 1: Hard-coded information in the Android app

Extracting the Android app showed that several pieces of hard-coded information are present. This hard-coded information involves API calls, web endpoints and other information which could pose a threat.

Steps:...