Hello, welcome to the Friday, June 24th, 2016 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich and the I'm recording from Jackson, Florida.

Portuguese security posted a nice blog about various bugs they found in Uber's platform as part of Uber's buck bounty.

The key vulnerability really sort of found among different issues that they point out here is

the ability to retrieve a user's unique UUID from the user's phone number.

The UUID is large, hard to prude force, but of course a phone number isn't.

And once you have this unique ID, you're then able to access a number of different APIs

without additional authentication.

With this, an attacker could for example retrieve past

trips either from a driver's point of view or from a passenger's point of view and

conduct a number of other operations like for example retrieving the user's

email address.

Uber already has fixed these vulnerabilities, but nevertheless this report makes a pretty

good case study as to how different web vulnerabilities are being discovered and how they

can be exploited in particular in collaboration with mobile applications

that are being used by Uber.

And yesterday I mentioned how Apple did not encrypt the iOS kernel in the latest beta.

Turns out this was indeed done intentionally and Apple states they did it for performance reasons.

Of course, decrypting the kernel does add performance, does add battery usage and with that

they decided to just go with an unencrypted kernel.

This of course does not really put any user data at risk.

It does however open up some of the internals of how iOS works.

...