The SDK Backdoor: How EngageLab's Silent Flaw Put 50 Million Android Devices and Billions in Crypto at Risk

Overview

What if the very code designed to make your apps more engaging was silently exposing your private keys to the world? A critical vulnerability in the widely used EngageLab SDK didn't just leak data—it created a direct pipeline from millions of Android devices, including 30 million crypto wallets, straight to a remote attacker's server.

This episode dives deep into the anatomy of CVE-2025-XXXXX, a flaw that allowed malicious apps to hijack the SDK's functionality. We trace how the SDK's push notification service could be weaponized to exfiltrate sensitive device information, authentication tokens, and, crucially, data from any app that integrated it. For cryptocurrency wallet applications, this meant private keys and seed phrases were potentially just one malicious notification away from being stolen.

Listeners will gain a forensic understanding of supply chain risk at the mobile app level, learning how third-party dependencies become single points of catastrophic failure. We analyze the global app ecosystem's reliance on obscure SDKs and the lag time between discovery, patch, and user update that leaves millions perpetually vulnerable. In the shadow economy of mobile data, the most dangerous door is often the one you asked a stranger to install.

#EngageLabSDK #AndroidSupplyChain #CryptoWalletSecurity #MobileAppVulnerability #MassDataExposure #ThirdPartyRisk #CybercrimeDiaries

Hosted by Ibnul Jaif Farabi. Produced by Light Knot Studios (lightknotstudios.com).