They do! They also don't (can't) contain any identifying ... • Aaron Parecki

👉😎👉 Jay Phelps https://twitter.com/_jayphelps • Jan 5
I thought the exact same thing but was too lazy to get my laptop out so I could scan the pictures with my phone to check if they indeed contain the unique code too or just the same generic URL 😂 in case it wasn’t obvious they’re not my screenshots. Hopefully the codes expire.

They do! They also don't (can't) contain any identifying information at this stage in the flow. The only risk in sharing these screenshots is if you share them within like 10 minutes of seeing it, and then the "attacker" can log in their account to your TV so 🤷‍♂️

Portland, Oregon • 42°F

Tue, Jan 4, 2022 10:10pm -08:00

3 replies
Have you written a response to this? Let me know the URL:
- Aaron Parecki twitter.com/aaronpk
  
  Fair! Thankfully these codes come from the authorization server rather than the app, so unless you're also building our own AS there's less of a chance of messing that one up! Your comment about the QR code is spot on tho! That's an optimization the app dev can do for better UX
  
  Wed, Jan 5, 2022 2:04pm +00:00 (via brid.gy)
- Tobi Adeleke twitter.com/TobiAdeleke4
  
  Same here but Lab_cyber on Instagram help me fix mine successful after a long wait go follow them for help
  
  Wed, Jan 5, 2022 8:03am +00:00 (via brid.gy)
- 👉😎👉 Jay Phelps twitter.com/_jayphelps
  
  Hopefully so! I wouldn’t personally bet that the devs of every TV app correctly expire these codes within a short time frame 😅 I’ve seen far worse security gaffes, I’m sure you have too.
  
  Wed, Jan 5, 2022 6:16am +00:00 (via brid.gy)

Posted in /replies using indigenous.abode.pub/ios