/files/slides/002-01_FLVUA8_leaking-kakao-how-i-found-a-1-click-exploit-in-korea-s-biggest-chat-app.pdf
KakaoTalk is the WhatsApp of South Korea with more than 100 million downloads from the Google Play Store. In this talk, we show how multiple vulnerabilities in a chat app can lead to the disclosure of users’ messages. We do this by presenting an account takeover “one-click” exploit in KakaoTalk’s regular chat room without breaking cryptography or escaping the app’s sandbox. We also release our tooling so that fellow security researchers can dig into KakaoTalk’s broad attack surface to find more bugs.
Hey. I’m Dawin, yet another independent security researcher based in Munich. I’m interested in Android security, rock climbing and Drum and Bass music.