{
  "docId": "019dd923-622c-750b-8b96-2fbe642fbf78",
  "docSlug": "69cc18cfe079",
  "documentTitle": "NQ Mobile (NQ)",
  "authorId": "51_Muddy_Waters",
  "authorName": "Carson C. Block",
  "documentKindSlug": "research-note",
  "documentKindLabel": "Research note",
  "sourceTypeSlug": "short_seller",
  "sourceTypeLabel": "Short seller",
  "presentationDate": "2013-10-24 00:00:00",
  "orientation": "portrait",
  "aspectRatio": 0.77272725,
  "pageNumber": 81,
  "pageCount": 81,
  "prevPage": 80,
  "nextPage": null,
  "slideType": "appendix_disclosure",
  "function": "diagnose_problem",
  "density": "balanced",
  "nDataPoints": 0,
  "notes": "This appears to be a concluding page of a security research report detailing a specific exploit path.",
  "elementsJson": [
    "paragraph"
  ],
  "metadataConfidence": 0.9,
  "imagePath": null,
  "slideHref": "/slides/019dd923-622c-750b-8b96-2fbe642fbf78/81",
  "deckHref": "/decks/019dd923-622c-750b-8b96-2fbe642fbf78",
  "deckJsonHref": "/decks/019dd923-622c-750b-8b96-2fbe642fbf78.json",
  "deckAnchorHref": "/decks/019dd923-622c-750b-8b96-2fbe642fbf78#slide-81",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "This technically leads to remote code execution on the device.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd953-0936-7173-ab12-463ef65807d0",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.041,
        "w": 0.764,
        "x": 0.118,
        "y": 0.223
      },
      "kind": "paragraph",
      "text": "The fact that the app is not using standard encryption is very odd especially when dealing with a company that is providing security products. Using standard SSL encryption could have prevented (or at least make it fairly impractical) this risk and others.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "06f4bf71-160b-4146-8e00-2bc9da8c1b09",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.055,
        "w": 0.764,
        "x": 0.118,
        "y": 0.094
      },
      "kind": "paragraph",
      "text": "Later on, we decided to go further and see whether we could override existing files and bypass the user intervention to get rid of the message box. We found out that if we change the returned XML without the message related fields, then no message box is displayed for the user.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "294bbc9f-46ae-4826-bf46-c79816846326",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.055,
        "w": 0.764,
        "x": 0.118,
        "y": 0.158
      },
      "kind": "paragraph",
      "text": "This technically leads to remote code execution on the device. We have to emphasis that this is not a vulnerability in the code, in contrary, this is part of a normal flow control of the code and can be easily exploited to push files to the device which are controlled by the server and could be malicious!",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "ef91b7a6-dbc2-4598-ad9b-3c280f03c52a",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.014,
        "w": 0.072,
        "x": 0.81,
        "y": 0.955
      },
      "kind": "source-note",
      "text": "Page 81 of 81",
      "attrs": null,
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "b43d034e-37c2-42ae-80c7-e8c47f3beea6",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [],
  "loops": [],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}