How We Hacked an Android Game And Ranked First globally
How we hacked an Android game to top the global leaderboard without even playing the game. Recently, we came across an Android game of Minesweeper. The game has been nicely developed and was fun t...
Must have Tools for Your Android Pentesting Toolkit
6 Must-have Tools for Your Android Pentesting Toolkit Hello, and welcome everyone! When performing pentesting, whether it is web, network, mobile, or IoT, the most crucial thing the pentester s...
DIVA (Damn Insecure and Vulnerable App) is an app intentionally designed to be insecure....
“MyMiko” – Responsible Vulnerability Disclosure
This is another case of mine involving a vulnerable IoT device. In my previous blogs, we talked about vulnerabilities that were found in Smart lock and beacons. This one is a fun device, made for kids to learn to code and play with. I don’t have access to the device, so I just checked the mobile app and found a series of vulnerabilities. These are my findings on a connected smart toy – MyMiko by Emotix, from their Android app. Finding 1: Hard-coded information in the Android app. On extracting the Android app, it was identified that several pieces of hard-coded information are present. This hard-coded information involves API calls, web endpoints and other information which could pose a threat. Steps:...