))
Ep. 12 – Timing Attacks & Mobile OAuth Hijack: When Microseconds and Misflows Betray You
Manage episode 503026959 series 3643227
Content provided by Amin Malekpour. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Amin Malekpour or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
A few microseconds. One silent browser session. That’s all it took for attackers to break into systems without tripping a single alert.
In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we explore two subtle but devastating flaws:
🔹 Timing Attacks for Token Leaks – By measuring microsecond delays, attackers were able to recover secrets, without seeing them in responses.
🔹 OAuth Hijack via Mobile App Flows – A crafted app abused in-app browser sessions and custom URL schemes to silently steal valid login tokens from users on iOS.
These aren’t theoretical bugs—they were found in the wild and affect real apps. If you build or test auth systems, this episode is for you.
Chapters:
00:00 - INTRO
01:11 - FINDING #1 - Timing Leaks That Speak Volumes
06:56 - FINDING #2 - Hijacking Mobile OAuth with One Silent Redirect
13:06 - OUTRO
Want your pentest discovery featured? Submit your creative findings through the Google Form in the episode description, and we might showcase your finding in an upcoming episode!
🌍 Follow & Connect → LinkedIn, YouTube, Twitter, Instagram
📩 Submit Your Pentest Findings → https://forms.gle/7pPwjdaWnGYpQcA6A
📧 Feedback? Email Us → [email protected]
🔗 Podcast Website → Website Link
Chapters
1. INTRO (00:00:00)
2. FINDING #1 - Timing Leaks That Speak Volumes (00:01:11)
3. FINDING #2 - Hijacking Mobile OAuth with One Silent Redirect (00:06:56)
4. OUTRO (00:13:06)
13 episodes
Share
