App Analysis: Victor Smart-Kill Mouse Trap

No self respecting mouse in 2020 would be caught dead by your spring and wood mousetrap, modern problems require modern solutions. Introducing the Victor Smart-Kill Mouse Trap, the mouse trap for the digital age. The mouse trap is Wi-Fi connected and can give you real-time statistics on when you've reaped another mousy soul from this plane of existence.

The monitoring application associated with this mouse trap is available for both iOS and Android, with the Google Playstore recording over +10k installs. In order to access the API of the Victor Smart-Kill monitoring App a user is required to scan the QR code attached to their device, creating a barrier to entry for the average app analyst.

Victor Smart-Kill Mouse Trap

Unboxing Videos: Thank you.

Analyzing the Victor Smart-kill mouse trap would have been quite difficult without the physical mouse trap. The app requires you to scan your traps QR code before proceeding with much functionality or interacting with the API. When an application is associated with a piece of hardware it generally creates a financial barrier to analysis, without the device the app is for how are you supposed to know what to look at? This is where popular unboxing videos come in.

Luckily there are unboxing videos for this very model and thankfully they show their QR code while setting up their own trap. Note: I'm not condoning hijacking these unboxers hardware, in this instance I stopped before I hijacked the mouse trap, but it could've been possible so be aware of this unboxers.

QR Code revealed during unboxing video.

Surveying Mouse Traps

Immediately upon scanning a QR code associated with a mouse trap the API will return one of two responses. The first tells you that the mouse trap is already associated with an account, which is the case when scanning the QR code in the image above. However, when incrementing the mouse trap serial number (the number next to the QR code and the one it encodes) you can find mouse traps adjacent to the one above.

Surveying the mouse traps with serial numbers adjacent to the one seen in the unboxing video, the second type of response was observed. This response contained information such as the number of total kills, owner name, owner email, Wi-Fi SSID, lat/long, and more. While surveying the data, the fields which contained sensitive information such as emails and names were observed not to be filled in, however this was on a small sample set of 200 mouse traps using a python script.

Victor Smart-Kill mouse trap with 18 confirmed kills.

Conclusions

Through leveraging unboxing videos the Victor Smart-Kill mouse trap was analyzed and revealed a hidden trove of information about the number of mouse deaths associated with any given trap.

What do you think? Tweet @theappanalyst1 with your thoughts. Thanks for reading!