
Simple react-native Android app that tries to search for permanent plaintext passwords found in your SMS messages and display them for you


salsowelim/password_in_sms_exploit


password_in_sms_exploit

An Android app that exploits the weakness of non-temporary passwords being present in your text messages. Its job is to try to search for such messages and display them to you. For details, see the following blog post:

Here

All technical details are given in the explanation below.

Simple react-native app (Android only) that tries to search for permanent plaintext passwords found in your SMS messages and display them for you. The objective is to show the implications of storing users' passwords in plaintext, and even sending them to users via third parties (such as SMS). It is trivial for any determined attacker to harvest passwords exposed like this.

Prerequisites:

How to install

cd to the project directory. After making sure npm and react-native are installed on your system, run "npm install". Then hopefully you can run the app using the command "react-native run-android".

Known limitations:

  • You will likely get some false positives in your results. The search is done using keyword string matching.
  • The search is hard limited to the last 10000 SMS messages. You can change this in the code.
  • Android API > 22.
  • Requires a phone with a SIM installed to work properly.
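
The false-positive limitation above, as an added example (not the project's code): a keyword hit alone also catches one-time codes and security reminders, so this sketch separates those from messages that appear to carry a lasting password, and it reports only sender names so you know which services to change your password with. The keyword lists, patterns and sample messages are constructed assumptions; the `address` and `body` field names follow Android's SMS columns.

```javascript
// Added example: audit your own SMS export for services that send lasting passwords.
const MAX_MESSAGES = 10000; // same hard limit the README mentions

// Assumed keyword list (English and Arabic words for "password").
const CREDENTIAL_KEYWORDS = ['password', 'passcode', 'كلمة المرور', 'كلمة السر'];

// Assumed hints that the secret is short-lived (OTP, verification code, expiry).
const TEMPORARY_HINTS = [/\botp\b/i, /one[- ]time/i, /verification code/i,
  /expires? in/i, /valid for \d+/i, /temporary/i, /مؤقت/];

// Keyword followed by "is", ":" or "=" and a token: the secret itself is probably present.
const CARRIES_VALUE = /(password|passcode|كلمة المرور|كلمة السر)\s*(is|:|=|هي)\s*\S+/i;

function classify(body) {
  const lower = body.toLowerCase();
  if (!CREDENTIAL_KEYWORDS.some((k) => lower.includes(k))) return 'no-match';
  if (TEMPORARY_HINTS.some((re) => re.test(body))) return 'temporary';
  // A bare keyword hit ("never share your password") is the false-positive case.
  return CARRIES_VALUE.test(body) ? 'likely-permanent' : 'mention-only';
}

// messages: oldest first; only the last `limit` entries are examined.
function auditMessages(messages, limit = MAX_MESSAGES) {
  const report = { 'likely-permanent': new Set(), temporary: new Set(), 'mention-only': new Set() };
  for (const { address, body } of messages.slice(-limit)) {
    const verdict = classify(body);
    if (verdict !== 'no-match') report[verdict].add(address);
  }
  // Senders only: message bodies (and any secrets in them) are never copied out.
  return Object.fromEntries(
    Object.entries(report).map(([verdict, senders]) => [verdict, [...senders].sort()]));
}

// Constructed sample messages, not real data.
const SAMPLE_MESSAGES = [
  { address: 'ExampleISP', body: 'Welcome! Your username is user1 and your password is Example#Pass1' },
  { address: 'ExampleBank', body: 'Your OTP password is 482913, valid for 5 minutes.' },
  { address: 'ExampleShop', body: 'Never share your password with anyone.' },
  { address: 'Friend', body: 'See you at 6?' },
  { address: 'ExampleTelco', body: 'كلمة المرور هي Example123' },
];

console.log(auditMessages(SAMPLE_MESSAGES));
```

Any sender listed under `likely-permanent` is a service whose password should be changed and whose SMS should be deleted.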

Screenshot (GIF)
