Open dsernst opened 1 month ago
Possible mitigations:
Thanks again for participating! This submission earned $566.89 from SIV and $284.93 from the Public Vote, for a total of $851.82.
Here's what we noted in our evaluation:
Issue to track getting paid: https://github.com/siv-org/hack.siv.org/issues/7
Reported by Drew Springall (@aaspring) yesterday at DEF CON (~24 hours before submissions close):
2nd Device Malware Verification Check can be defeated by rerouting the QR code to another malicious site (or other non-legit check websites).
See paper https://aaspring.com/ccs2014/ivoting-paper.pdf on similar attack against Estonia, especially Figure 4 on page 4.