Karan Saini

Attacking a weak 3D Secure implementation

This article documents a security flaw in the mechanism through which the 3D Secure implementation of Wibmo handles the generation and processing of the one-time PIN used for performing cardholder verification.

On Aadhaar’s public-service advertisements

The UIDAI’s ad campaigns intentionally omit any aspect which could be deemed negative or unsavoury, and in doing so utilise a deceptive tactic seen usually in cases of false or misleading advertisements.

Extracting personal phone numbers linked to Aadhaar

This article demonstrates how the personal phone number linked to any given Aadhaar can be extrapolated due to problems in the implementation of the text-based authentication mechanism on which websites offering Aadhaar authentication rely.

Fuzzing for obfuscated phone numbers

In the current age of information, any technology you own could potentially be used as an avenue for attack, including your mobile phone. In writing and publishing this piece, I am hoping to highlight the risk of linking a single invariable phone number across all of your online accounts, and how doing so could easily […]