
An Android Spy App Left 1.7M Passwords and Nude Photos Exposed to Hackers - rbanffy
https://www.forbes.com/sites/thomasbrewster/2018/08/11/an-android-spy-app-left-17-million-passwords-and-nude-photos-exposed-to-hackers/#6cb199765fd9
======
thewizardofaus
How would you get involved in this sort of security research? It's been an
interest of mine for a while. I have experience in reverse engineering binary
files and malware but not so much experience in the "live internet stuff".

Would you start with simple CTF tasks?

I assume they used some sort of application to view the HTTP requests that the
phone was making and were able to figure out the right endpoints from that?

Thanks in advance.

------
inostia
A simple GET request? How can a single developer be so grossly negligent as to
not protect their APIs?

