Hi, I was wondering if this attack vector was possible. Say I have an app that uses http://localhost:21325 to talk to the bridge. Assuming the app process itself is sufficiently sandboxed, could some malware (say a shady VPN client) MITM the unencrypted TCP session and modify the payloads sent to the bridge, and hope the user confirms on the device without noticing?
Hi, I was wondering if this attack vector was possible. Say I have an app that uses
http://localhost:21325
to talk to the bridge. Assuming the app process itself is sufficiently sandboxed, could some malware (say a shady VPN client) MITM the unencrypted TCP session and modify the payloads sent to the bridge, and hope the user confirms on the device without noticing?