This article is an up-to-date version of a research I first presented at App Sec Forum Western Switzerland 2012 and then at Hack in the Box 2013 (Amsterdam). This article is not intended to be formal, but more to be used as a technical reference for details that were not explained in the slides. [2013-04-11] PCWorld [2013-04-13] Le Monde Informatique [2013-10-16] I presented a followup as a rump s