
New Video from @seytonic Highlights McDonald's App Vulnerabilities and North Korean Hacker's Computer Breach
The latest video from @seytonic explores two main topics related to cybersecurity: vulnerabilities in the McDonald's app and the hacking of a computer belonging to a North Korean hacker.
Firstly, the video reveals several security flaws in the McDonald's app, discovered by a security researcher known by the pseudonym Bobdahacker. The first vulnerability concerns McDonald's points system, which allows users to earn points by purchasing food and exchange them for more food. However, the app does not properly verify the points balance on the server side, allowing anyone with technical knowledge to falsify their points and order an unlimited amount of free food. Bobdahacker reported this flaw to McDonald's, but it was only when he mentioned that exploiting this bug gave the same privileges as a McDonald's Gold Card holder that the company took action and fixed the issue within a few days.
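The class of flaw described above, shown beside its server-side fix. This is an added example, not code from McDonald's, the researcher, or the video; the request shape (`userId`, `item`, `claimedBalance`), the ledger, and the catalog are hypothetical, constructed for illustration.

```javascript
// Constructed sample data (hypothetical): the server's own points ledger and reward catalog.
const ledger = new Map([["user-1", 150]]);
const catalog = new Map([["fries", 100], ["burger", 400]]);

// Flawed pattern: the handler believes the balance reported by the client,
// so the check passes for any value the client chooses to send.
function redeemTrustingClient(req) {
  const cost = catalog.get(req.item);
  if (cost === undefined) return { ok: false, reason: "unknown item" };
  if (req.claimedBalance < cost) return { ok: false, reason: "insufficient points" };
  return { ok: true, item: req.item };
}

// Hardened pattern: the client-supplied balance is ignored. Price and balance
// both come from server-held state, and the deduction is recorded before the
// reward is granted, so repeated requests cannot spend the same points twice.
function redeemServerSide(req) {
  const cost = catalog.get(req.item);
  if (cost === undefined) return { ok: false, reason: "unknown item" };
  const balance = ledger.get(req.userId);
  if (balance === undefined) return { ok: false, reason: "unknown user" };
  if (balance < cost) return { ok: false, reason: "insufficient points" };
  const remaining = balance - cost;
  ledger.set(req.userId, remaining);
  return { ok: true, item: req.item, remaining };
}
```

In a real service the balance read and the deduction would run inside one database transaction; the in-memory `Map` stands in for that here.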
Bobdahacker continued to explore other vulnerabilities. He discovered that McDonald's "Feel-Good Design Hub," a confidential platform used to manage branding and marketing, was protected only by client-side passwords. This meant that anyone could manipulate the authentication process and access the platform. Although McDonald's fixed this problem three months later, they introduced new vulnerabilities by allowing account creation via a modified URL, thus giving access to confidential information.
Additionally, Bobdahacker found the API key of MagicBell, a service used by McDonald's to manage push notifications, in plain text within the site's JavaScript code. This allowed him to impersonate McDonald's and send mass push notifications. He also discovered that it was possible to access executive-level portals using the credentials of a simple crew member, gaining access to employees' personal details, including their email addresses.
The video also addresses the hacking of a computer belonging to a North Korean hacker, a member of the group APT43, also known as Kimsuky. Two hacktivists, Saber and cyb0rg, exfiltrated the entire file system of the computer and made the dump available to the public. The computer reveals several ongoing espionage operations, primarily targeting South Korea. The logs show phishing attacks against South Korean military intelligence, as well as copies of messaging server source code and evidence of continuous access to internal South Korean government systems.
The dump also contains code for backdoors and exploits, along with manuals detailing their use. It reveals an unsuccessful brute-force attempt against the South Korean Ministry of Unification and issues encountered with purchasing domains via Namecheap. The hacktivists managed to carry out their operation without the North Korean hacker noticing, as the credentials for his VPS were still active at the time of the report's publication.
The video concludes by emphasizing the importance of vigilance in cybersecurity and reminding viewers that hackers, whether benevolent or malicious, play a crucial role in discovering and fixing vulnerabilities.
To learn more, watch the full video: https://www.youtube.com/watch?v=uk1AjAwZuvU