By Bugcrowd Researcher Success, Jun 27, 2016

Big Bugs Podcast Episode 3: $15K for IoT Device Takeover

Today we published the third episode of our podcast series ‘Big Bugs’, hosted by me. In this episode, embedded in this post and available on SoundCloud, I am joined by special guest Adam Hartway of Digital Safety (DiSa) to explore a $15K bug uncovered in their winner-takes-all bug bounty program.

About the DiSa Bug Bounty Program:

DiSa is the global leader in Digital Protection for products in the retail channel, taking current analog loss prevention solutions and converting them to a digital format. In order to stand up against physical theft, however, DiSa products must also stand up against digital bypasses. To test their strength against hackers, DiSa shipped out DiSa-secured tablets to a sample of security researchers to see if they could bypass the authentication steps and take over the device. Listen to the podcast to hear about the results.

Additional Resources:

Mobile security resources:
- OWASP Mobile Top Ten
- OWASP iOS Testing Guide
- JSSec Secure Coding for Android

Helpful Mobile Testing/Learning Targets:
- iOS: http://damnvulnerableiosapp.com/
- Android: http://carnal0wnage.attackresearch.com/2013/08/want-to-break-some-android-apps.html

IoT security resources:
- OWASP IoT Surface Areas project

Helpful IoT Testing/Learning Targets:
- Damn Vulnerable Router Firmware

Have questions for me? Continue the discussion on our forum and subscribe below to get monthly episodes of this podcast. You can also subscribe to the Bugcrowd podcast RSS feed.