-
SPID and Google Authenticator: When Interoperability Is Intentionally Impeded
March 09, 2021
SPID is the Italian Public Digital Identity System, which enables citizens to access online services of the public administration. Citizens can choose among several identity providers. Most of them support two-factor authentication with proprietary authenticator apps, which are neither interchangeable nor compatible with “universal” apps such as Google Authenticator. It turns out that all apps actually use the same algorithm, and the incompatibility is purely artificial. …
-
Vulnerabilities in ATM Milano's mobile app
August 18, 2020
Some design flaws left ATM Milano’s mobile app vulnerable to attacks: anyone could access any user’s data and tickets by just knowing their e-mail address. Meanwhile, some apparent security features made the vulnerabilities harder to spot and to exploit. …
-
Reverse engineering Trenitalia's mobile application
September 24, 2018
Only available in Italian 🇮🇹
Trenitalia has recently released the new version of its app for iOS and Android. Having already dealt with the wonderful IT systems of Ferrovie dello Stato while developing TrenItBot and other projects, I couldn't pass up a peek here too. …