Phewtick sends a IP packet to their server to create a meetup. By finding out the contents of the packet, we can see the different information sent to the server. Simply put it, Phewtick requires the 2 parties’ identifier token and a decrypted QR Code ID to create a meetup. No security features are in place to hide these identifiers, so packets can be created easily, making Phewtick a highly vulnerable to exploit application.
1pm -5pm to learn more about information security.
Disclaimer: The demo is shown for educational purposes only. No malicious actions are intended.