066 Botnet

Zizizi~

Countless users' smartwatches vibrated at the same time.

Uh, it's the alarm clock......

It's strange that I didn't set an alarm at this time, right?

Got a bug in the app?

Users don't particularly care; it's understandable that mini programs occasionally act up.

Click: Stop.

All the user sees is the "Stop" button on the watch screen when they reach out and tap with their finger.

But layered over the button is a transparent interface, a program interface written by Charlene:

Whether to authorize the xx app to obtain your ID and password.

"Authorize!"

Smart watch touch interface hijacking!

UI action hijacking is a type of session hijacking attack based on visual spoofing: an invisible box is overlaid on an input control of the application interface, so users mistakenly believe they are operating the visible control.

What you see is not what you get!

If all you want is a hijacking interface, there is no need to sneak into the alarm clock application's backend at all; you can simply find a vulnerability in the interface program and launch the hijacking attack directly.

However, the backend can make all alarms fire at the same time, and since they were pressed for time, this was the best way to obtain the maximum amount of user data in a short period.

Almost everyone in the world has a smartwatch to ensure that they can still send and receive network information even after unplugging the brain-computer interface.

Smartphones are almost never taken off, because once you get used to your online life, you feel extremely insecure when you leave it. In this world, leaving the Internet is probably equivalent to being blind, deaf and mentally retarded......

Of course, users' alarm clock apps do not all come from the same company, so Charlene chose to sneak into the top 10 alarm clock app vendors by market share. Not all users can be reached, but at least 80% of the data can be obtained!

Within seconds, a steady stream of user IDs and passwords was captured by Charlene.

Next, credential stuffing!

Generate a dictionary table from the collected IDs and passwords, and try to log in to all of each user's applications.

Many users have poor information security awareness and set the same password for different apps.

In this way, Charlene managed to log into the social networks of 30% of users, using them as a source of worm distribution.

Go on! Brute-force cracking!

To make them easier to remember, users set passwords that closely resemble one another, or that follow the same logic.

With one set of passwords in hand, you can derive candidate passwords from it and try them one after another until a login succeeds.

Attempt after attempt, this brute-force approach burned computing resources, and Charlene's head began to heat up again to the point where you could fry eggs on it.

"Good thing I'm a wig! Otherwise, I'll be bald early......"

Aven kept wrapping ice cubes in a towel to dissipate heat from Charlene, and the white air swished out.

Five minutes later, the social network accounts of another 40% of users had been logged into in this way.

Seventy percent of users now served as sources of worm transmission, and the worm spread exponentially from them.

In seven minutes, the worm had covered 70% of the world's users, and 5 billion brain-computer interfaces had been loaded with Charlene's newly written Trojan under the worm's control.

This Trojan contains various application IDs and passwords of users, and automatically logs in through brain-computer interfaces to perform large-scale batch manipulation of users' applications.

In this way, a botnet with 5 billion brain-computer interfaces was formed, which was controlled by Aven.

A massive attack on Etifi's servers and bandwidth network is about to begin!
