Jacopo Jannone - blog enit

  • Analysis of magnetic stripe tickets used for public transport in Lombardy, Italy

    January 04, 2022Only available in Italian 🇮🇹

    Una banda magnetica su un biglietto usa e getta potrebbe sembrare una cosa piuttosto noiosa e poco degna di essere studiata. Ogni tanto però la curiosità prevale, una scoperta tira l’altra e in men che non si dica ci si trova a viaggiare non per lavoro o per diletto, ma per accumulare biglietti da analizzare. Ecco tutto ciò che ho scoperto sul mondo che c’è dietro. …

    reverse engineeringaccess controlatmmilano

  • SPID and Google Authenticator: When Interoperability Is Intentionally Impeded

    March 09, 2021

    SPID is the Italian Public Digital Identity System, which enables citizens to access online services of the public administration. Citizens can choose among several identity providers. Most of them support two-factor authentication with proprietary authenticator apps, which are not interchangeable nor compatible with “universal” apps such as Google Authenticator. It turns out that all apps actually use the same algorithm, and the incompatibility is purely artificial. …

    spidappreverse engineering

  • Does Apple really log every app you run? A technical look

    November 14, 2020

    Apple’s launch of macOS Big Sur was almost immediately followed by server issues which prevented users from running third-party apps on their computers. While a workaround was soon found by people on Twitter, others raised some privacy concerns related to that issue. …

    macosappleprivacy

  • Vulnerabilities in ATM Milano's mobile app

    August 18, 2020

    Some design flaws left ATM Milano’s mobile app vulnerable to attacks: anyone could access any users' data and tickets by just knowing their e-mail address. Meanwhile, some apparent security features made the vulnerabilities harder to spot and to exploit. …

    atmmilanoappzeroday

  • Reverse engineering Trenitalia's mobile application

    September 24, 2018Only available in Italian 🇮🇹

    Trenitalia ha da poco rilasciato la nuova versione della sua app per iOS e Android. Avendo già avuto a che fare con i meravigliosi sistemi informatici delle Ferrovie dello Stato per lo sviluppo di TrenItBot e per altri progetti, una sbirciata anche qui non poteva mancare. …

    trenitaliafsappreverse engineering

© 2018-2022 Jacopo Jannone