At Ngee Ann Polytechnic's School of InfoComm Technology, students showed their various research projects on Information Security. One that caught our eye was the exploitation of vulnerabilities in the popular Phewtick mobile application by reverse engineering it. With the exploit, the students were able to fraudulently generate meetups automatically by running a script, without actually meeting up with anyone or scanning their QR Codes.
Phewtick sends an IP packet to its server to create a meetup. By examining the contents of the packet, we can see the different information sent to the server. Simply put, Phewtick requires the 2 parties' identifier tokens and a decrypted QR Code ID to create a meetup. No security features are in place to hide these identifiers, so packets can be created easily, making Phewtick highly vulnerable to exploitation.
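One way a server could refuse such hand-built requests, shown as an added example (this is not Phewtick's code or the students' script): the QR payload is minted and signed by the server, expires quickly and can be used once. The names `issue_qr`, `create_meetup`, `SERVER_KEY` and `QR_TTL` and the `|`-separated payload format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
QR_TTL = 60                           # assumption: seconds a displayed QR stays valid
_used_nonces = set()                  # single-use tracking (in-memory for this demo)


def _mac(owner_id, nonce, issued):
    """HMAC over the raw string fields, so a forged field changes the tag."""
    msg = "|".join((owner_id, nonce, issued)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_qr(owner_id, now=None):
    """Server mints the QR payload for an authenticated user (IDs contain no '|')."""
    issued = str(int(time.time()) if now is None else now)
    nonce = secrets.token_hex(16)
    return "|".join((owner_id, nonce, issued, _mac(owner_id, nonce, issued)))


def create_meetup(scanner_id, qr_payload, now=None):
    """Validate a meetup request; scanner_id comes from the authenticated session."""
    now = int(time.time()) if now is None else now
    parts = qr_payload.split("|")
    if len(parts) != 4:
        return "rejected: malformed"
    owner_id, nonce, issued, tag = parts
    # Verify the signature first; only server-minted fields are trusted after this.
    if not hmac.compare_digest(tag.encode(), _mac(owner_id, nonce, issued).encode()):
        return "rejected: bad signature"
    if now - int(issued) > QR_TTL:
        return "rejected: expired"
    if nonce in _used_nonces:
        return "rejected: replay"
    if owner_id == scanner_id:
        return "rejected: self-meetup"
    _used_nonces.add(nonce)
    return "accepted"
```

With this design, knowing both parties' identifiers is not enough to create a meetup, because the request also needs a fresh payload that only the server can produce.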
More exhibitions on various exploits on different platforms can be found at the seminar. Interested parties can visit the 2nd day of the exhibition on 21st January 2013 at eGarage (Blk 31 #02-10), 1pm - 5pm, to learn more about information security.
Disclaimer: The demo is shown for educational purposes only. No malicious actions are intended.