| tiêu đề | Freedom Factory dGEN1 phone 1 Information Disclosure |
|---|
| Mô tả | The ethOS PWA emulator application (org.ethosmobile.webpwaemul) on the Freedom Factory dGEN1 phone exposes a sensitive Android JavaScriptInterface to all websites loaded within the emulator without validating the website origin. As a result, any website or launcher “FakeApp” opened in the emulator can retrieve the user’s Ethereum wallet address without user interaction or explicit consent.
This behavior deviates from standard decentralized application (dapp) security models, where users must explicitly approve wallet access before address information is exposed. |
|---|
| Nguồn | ⚠️ https://gist.github.com/Lytes/5fc292cecdc561f5c010c1f3a8a7bf1d |
|---|
| Người dùng | Anonymous User |
|---|
| Đệ trình | 21/02/2026 05:59 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 06/03/2026 21:53 (14 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 349556 [Freedom Factory dGEN1 đến 20260221 org.ethosmobile.webpwaemul AndroidEthereum nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|