Leonidas tsaousis

30 Mar 2021

Click here for free TV! - Chaining bugs to takeover Wind Vision accounts

A critical vulnerability was discovered in the Wind Vision mobile app that enables account takeover through chained security flaws. The attack exploits insecure URL schemes, weak device identification, and authentication mechanisms to intercept OAuth tokens. By crafting a malicious app, an attacker can potentially stream content or remove user devices from the Wind Vision account.