‼️H&R Block Business 2025 Backdoor‼️

I found a TLS backdoor in H&R Block software. They install a wildcard root CA (expiry 2049) into your trusted root certificate store and include the private key in the application DLL.

https://www.youtube.com/watch?v=5paxvYkz1QE

https://hrbackdoor.yifanlu.com

@yifanlu "and include the private key in the application DLL." Why are they doing that? Is the app supposed to generate new certs?
@hakona it's for local IPC between the backend database process and the UI process. They do generate a new leaf cert (and send the cert through a completely untrusted channel). My guess is they hit some warning/error about untrusted certificate and decided this was the best solution.