This commit is contained in:
maia arson crimew 2024-02-14 03:20:17 +01:00
parent 6cbe4c987d
commit 32b71488c1

@ -23,7 +23,7 @@ just how many times can a company get hacked in exactly the same way until they
when members of the two hacking groups looked into TruthSpy last december while searching for stalkerware to hack, they independently stumbled upon the same [IDOR](https://en.wikipedia.org/wiki/Insecure_direct_object_reference) <small>(help out wikipedia and anyone trying to learn more by expanding this article)</small> vulnerability originally reported on by TechCrunch ([CVE](https://nvd.nist.gov/vuln/detail/CVE-2022-0732)), which evidently had not been fixed yet. this easily exploited type of vulnerability appears when data is retrieved without verifying that the client has the right to do so. a query parameter denoting a user ID (`like https://example.com/users/?id=123`), for example, allows for simple enumeration and scraping of data that is typically difficult to access otherwise. since this vulnerability in TruthSpy STILL isn't fixed at the time of writing i am unfortunately unable to publicly talk about where and how exactly this vulnerability was exploited as i usually would. when members of the two hacking groups looked into TruthSpy last december while searching for stalkerware to hack, they independently stumbled upon the same [IDOR](https://en.wikipedia.org/wiki/Insecure_direct_object_reference) <small>(help out wikipedia and anyone trying to learn more by expanding this article)</small> vulnerability originally reported on by TechCrunch ([CVE](https://nvd.nist.gov/vuln/detail/CVE-2022-0732)), which evidently had not been fixed yet. this easily exploited type of vulnerability appears when data is retrieved without verifying that the client has the right to do so. a query parameter denoting a user ID (`like https://example.com/users/?id=123`), for example, allows for simple enumeration and scraping of data that is typically difficult to access otherwise. since this vulnerability in TruthSpy STILL isn't fixed at the time of writing i am unfortunately unable to publicly talk about where and how exactly this vulnerability was exploited as i usually would.
upon exclusively receiving the data from ByteMeCrew to report on it i decided to contact [Zack Whittaker](https://techcrunch.com/author/zack-whittaker/) (who wrote the aformentioned TechCrunch article) to collaborate on the research and reporting (shoutout to Zack for being one of the very few journalists writing about stalkerware btw, much love). he quickly got to reaching out to the server hosters and payment providers used by TruthSpy to inform them of the TOS violations. the resulting game of whack-a-mole ended with them switching to Moldovan hosting company [AlexHost](https://alexhost.com), who has yet to respond to any requests, and moving checkouts to p2p payments (presumably via crypto) via their support portal (after 1Byte initially scrambled to use the checkout experiences of their non-stalkerware projects for TruthSpy as well). upon exclusively receiving the data from ByteMeCrew to report on it i decided to contact [Zack Whittaker](https://techcrunch.com/author/zack-whittaker/) (who wrote the aforementioned TechCrunch article) to collaborate on the research and reporting (shoutout to Zack for being one of the very few journalists writing about stalkerware btw, much love). he quickly got to reaching out to the server hosters and payment providers used by TruthSpy to inform them of the TOS violations. the resulting game of whack-a-mole ended with them switching to Moldovan hosting company [AlexHost](https://alexhost.com), who has yet to respond to any requests, and moving checkouts to p2p payments (presumably via crypto) via their support portal (after 1Byte initially scrambled to use the checkout experiences of their non-stalkerware projects for TruthSpy as well).
with most of the in-depth reporting on TruthSpy's background already having been done by Zack two years ago, i decided to focus my research on trying to uncover more of the inside workings of 1Byte, their various non-stalkerware ventures (primarily online language learning apps), their CEO Van "Vardy" Thieu and the full breadth of their disregard for cybersecurity 101. with most of the in-depth reporting on TruthSpy's background already having been done by Zack two years ago, i decided to focus my research on trying to uncover more of the inside workings of 1Byte, their various non-stalkerware ventures (primarily online language learning apps), their CEO Van "Vardy" Thieu and the full breadth of their disregard for cybersecurity 101.
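Review bot: the "aformentioned" to "aforementioned" fix in the second paragraph is correct, but the first paragraph of the same hunk still has a misplaced inline-code span: `(\`like https://example.com/users/?id=123\`)` puts the word "like" inside the backticks, so the rendered post shows "like" as part of the example URL. Suggest moving the opening backtick so it reads `(like \`https://example.com/users/?id=123\`)`, ideally in this same typo-fix commit since it is the only other wording defect in the touched lines.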