Casting Firefox to your TV, Roku or Game Console? Watch out for this major DANGEROUS bug! - podcast episode cover

Casting Firefox to your TV, Roku or Game Console? Watch out for this major DANGEROUS bug!

The Backend Engineering Show with Hussein Nasser
Sep 22, 202011 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

What scared me about this bug is how EASY it is to execute, no MITM, no special software.. its all exploiting of existing software.. Let us discuss   The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android intent URIs with zero user interaction.  This attack can be leveraged by attackers on the same WiFi network and manifests as applications on the target device suddenly launching, without the users' permission, and conducting activities allowed by the intent.   Resources https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020 https://twitter.com/init_string  https://twitter.com/LukasStefanko/status/1307013106615418883

For the best experience, listen in Metacast app for iOS or Android