Category: Crypto
Difficulty: Easy
Author: nullableVoid*#7225
We found this exposed IoT thing. It doesn't do anything we can exploit, but there's a HTTP server that's meant for updating. We have a malicious update server at https://EVILCODE/
, and any path can work with the update mechanism, but we don't have an OEM signature for it. Can you trick it into running our malware?