Vangelis StykasTotally Pwning the Tapplock Smart Lock (the API way)tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This results in anyone with a valid login…3 min read·Jun 15, 2018--1--1
Vangelis StykasRemote smart car hacking with just a phone.tl;dr: Calamp which provides the backend for a lot of really well known car alarm systems had a misconfigured reporting server that gave…6 min read·May 12, 2018----
Vangelis StykasI spy with my little eye... #hakvisiontl;dr: Hikvisions cloud services (hik-connect.com) rely on a cookie value to determine with what user you are logged in.Changing the user…6 min read·Apr 24, 2018--2--2
Vangelis StykasRow, row, row your boat: Pwning ship’s VSAT for fun and profit.Some background:3 min read·Feb 15, 2018----