Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent getting around the EULA through SMS #78

Open
laurahsisson opened this issue Dec 17, 2017 · 1 comment
Open

Prevent getting around the EULA through SMS #78

laurahsisson opened this issue Dec 17, 2017 · 1 comment
Labels
security
Milestone
Features That Wou...

Comments

@laurahsisson
Copy link
Collaborator

It is possible to start an emergency without signing the EULA by sending an SMS to the server containing a device id the user made up by themselves. However, if the user enters arbitrary device ids to the server, it is possible for them to hijack an emergency.
@laurahsisson laurahsisson added this to the Final Milestone milestone Dec 17, 2017
@laurahsisson
Copy link
Collaborator Author

Maybe have the server send back a sort of key back to the user and further calls require that key? Then that would just be sending the emergency ID back to the user which I think is a bad idea.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
Features That Would Be Nice
Development

No branches or pull requests
1 participant
@laurahsisson