TL;DR: Tapplock's API endpoints had no security checks other than a valid token to access any data. This