Hijacking Netflix SMS

sijan.dev · bugbountydaily · 2 months ago · threat
This blog post explains a security vulnerability in Netflix’s SMS login system that let attackers send fake OTP messages from Netflix’s official short code. By exploiting an unvalidated androidAppHash, the bug enabled SMS phishing and malware distribution at scale. The author details the bug bounty report, Netflix’s fix, and key lessons on SMS security and server-side validation.