Written by Rob
Whilst analysing a number of free communication based applications on the Google Play Store, I took a look at WiFi Baby Monitor: Free & Lite (the free version of WiFi Baby Monitor). Although the premium version offered users the ability to specify a password to be used in the pairing process, the free version offered no such function.
Monitoring the traffic using Wireshark during the pairing process revealed:
Written by Rob
What I Am Writing About Unlike most things I publish, this isn’t going to focus on how I came to find a vulnerability, but rather the problems I had trying to disclose it, and things that I could have approached better, in the hope it may help other people in the future if faced with being a small fish in a big pond which is trying to approach a larger organisation, who have few technical staff.