September 22, 2020

Casting Firefox to your TV, Roku or Game Console? Watch out for this major DANGEROUS bug!

Listen Later

11 minutes

What scared me about this bug is how EASY it is to execute, no MITM, no special software.. its all exploiting of existing software.. Let us discuss The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android intent URIs with zero user interaction. This attack can be leveraged by attackers on the same WiFi network and manifests as applications on the target device suddenly launching, without the users' permission, and conducting activities allowed by the intent. Resources https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020 https://twitter.com/init_string https://twitter.com/LukasStefanko/status/1307013106615418883

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

The Backend Engineering Show with Hussein Nasser

By Hussein Nasser

4.9

4040 ratings

September 22, 2020

Casting Firefox to your TV, Roku or Game Console? Watch out for this major DANGEROUS bug!

Listen Later

11 minutes

What scared me about this bug is how EASY it is to execute, no MITM, no special software.. its all exploiting of existing software.. Let us discuss The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android intent URIs with zero user interaction. This attack can be leveraged by attackers on the same WiFi network and manifests as applications on the target device suddenly launching, without the users' permission, and conducting activities allowed by the intent. Resources https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020 https://twitter.com/init_string https://twitter.com/LukasStefanko/status/1307013106615418883

...more

More shows like The Backend Engineering Show with Hussein Nasser

Freakonomics Radio by Freakonomics Radio + Stitcher

Freakonomics Radio

32,262 Listeners

Software Engineering Radio - the podcast for professional software developers by team@se-radio.net (SE-Radio Team)

Software Engineering Radio - the podcast for professional software developers

273 Listeners

Risky Business by Risky Business Media

Risky Business

372 Listeners

Science Vs by Spotify Studios

Science Vs

12,153 Listeners

Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

Syntax - Tasty Web Development Treats

991 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,088 Listeners

Practical AI by Practical AI LLC

Practical AI

215 Listeners

Within Reason by Alex J O'Connor

Within Reason

1,661 Listeners

All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

All-In with Chamath, Jason, Sacks & Friedberg

10,192 Listeners

Dwarkesh Podcast by Dwarkesh Patel

Dwarkesh Podcast

560 Listeners

Big Technology Podcast by Alex Kantrowitz

Big Technology Podcast

512 Listeners

Hard Fork by The New York Times

Hard Fork

5,574 Listeners

The AI Daily Brief: Artificial Intelligence News and Analysis by Nathaniel Whittemore

The AI Daily Brief: Artificial Intelligence News and Analysis

676 Listeners

Prof G Markets by Vox Media Podcast Network

Prof G Markets

1,475 Listeners

The Pragmatic Engineer by Gergely Orosz

The Pragmatic Engineer

75 Listeners