RSS Parrot

"Super secure" MAGA-themed messaging app leaks everyone's phone number

https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/

Published: December 10, 2025 00:00

Neither of us had prior experience developing mobile apps, but we thought, “Hey, we’re both smart. This shouldn’t be too difficult.” Freedom Chat CEO Tanner Haas Background Once upon a time, in the distant memory that is 2023, a new instant messaging…

Taking over 60k spyware user accounts with SQL injection

https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/

Published: July 2, 2025 00:00

Background Recently I was looking through a database of known stalkerware services and found one I wasn’t familiar with: Catwatchful. It seemed to be a full-featured Android spy app, to actually be its own service as opposed to a millionth FlexiSpy…

Links

https://ericdaigle.ca/links/

Published: June 11, 2025 17:44

Journalism 404 Media Canada’s National Observer Netzpolitik.org London Review of Books Literary Review of Canada e-flux journal Revue Esprit Blogs The Convivial Society maia arson crimew Sam Curry DYNOMIGHT INTERNET WEBSITE ava’s blog Groups UBC VOC…

Things Worked On

/things-worked-on/

Published: March 17, 2025 00:38

Interesting Things I’ve Worked On Economics 2023-24 Bank of Canada Governor’s Challenge I was one of five students selected from over seventy applicants to compete as part of UBC’s team for the 2023-24 Bank of Canada Governor’s Challenge, where I was…

Breaking into dozens of apartment buildings in five minutes on my phone

/posts/breaking-into-dozens-of-apartments-in-five-minutes/

Published: February 15, 2025 00:00

Background A few months ago I was on my way to catch the SeaBus when I walked by an apartment building with an interesting looking access control panel. I wrote down the “MESH by Viscount” brand name and made a note to look into it when I had a chance. I…

Bypassing iChano AtHome's homegrown cryptography with Frida

/posts/breaking-homegrown-cryptography-with-frida/

Published: July 21, 2024 00:00

Background Today we take a break from exploring stalkerware/watchware to examine a vulnerability in iChano AtHome Camera, a pair of applications allowing smartphones and computers to be used as IoT-enabled security cameras. This exploit allows an attacker…

PCTattletale leaks victims' screen recordings to entire Internet

/posts/pctattletale-leaking-screen-captures/

Published: May 22, 2024 00:00

Background PCTattletale is a simple stalkerware app. Instead of providing the sophisticated monitoring of many similarly insecure competitors it simply asks for permission to record the targeted device (Android and Windows are supported) on infection.…

iSharing data leak writeup

/posts/isharing-data-leak-writeup/

Published: April 24, 2024 00:00

Background I recently discovered a serious security lapse in iSharing, a location tracker/parental control app for iOS and Android that claims over 35 million users. Upon discovering the issue and getting no response from the developers I contacted Zack…

[UofTCTF 2024] basic-overflow

/posts/uoftctf-2024-basic-overflow/

Published: January 28, 2024 00:00

Problem Description This challenge is simple. It just gets input, stores it to a buffer. It calls gets to read input, stores the read bytes to a buffer, then exits. What is gets, you ask? Well, it’s time you read the manual, no? Author: drec This is a…

Spatial joins with geopandas and shapely

/posts/geospatial-joins-geopandas-shapely/

Published: September 30, 2022 00:00

Recently a project at work required me to write an automated and reusable script to add country data to NSDIC’s Free Air Gravity Anomaly dataset. The classic open-source solution would have been PyQGIS’s processing module, but QGIS strangely still doesn’t…