

We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Audio Surveillance


Archive.

::: spoiler Comments
- Hacker News;
- Mastodon;
- Reddit.
:::


🍔 Just collabed with @BobTheShoplifter on a MASSIVE SECURITY BREACH: We exposed how Restaurant Brands International (Burger King, Tim Hortons, Popeyes) left their drive-thru systems etc completely vulnerable.

🎯 What we found:
• Unauthenticated API access to ALL drive-thru locations globally
• Drive-thru voice recordings of customers accessible
• Employee PII exposed
• Bathroom feedback systems with zero auth
• Hardcoded passwords in client-side code

The scope was insane - we could access any drive-thru system globally. Even listen to your actual drive-thru orders 👂

Credit to RBI for lightning-fast response once disclosed, but the privacy implications were staggering.

Full technical breakdown: bobdahacker.com/blog/rbi-hacke…

#InfoSec #CyberSecurity #ResponsibleDisclosure #Privacy #GDPR #API #GraphQL #SecurityResearch #VulnDisclosure #RestaurantBrands #BurgerKing #TimHortons #Popeyes #vulnerability

