Leaking Kakao: How I found a 1-Click Exploit in Korea's Biggest Chat App

Recordings

http://youtu.be/wgckSBxg7t0

Slides

/files/slides/002-01_FLVUA8_leaking-kakao-how-i-found-a-1-click-exploit-in-korea-s-biggest-chat-app.pdf

Abstract

KakaoTalk is the WhatsApp of South Korea, with more than 100 million downloads from the Google Play Store. In this talk, we show how multiple vulnerabilities in a chat app can lead to the disclosure of users’ messages. We do this by presenting an account takeover “one-click” exploit in KakaoTalk’s regular chat room without breaking cryptography or escaping the app’s sandbox. We also release our tooling so that fellow security researchers can dig into KakaoTalk’s broad attack surface to find more bugs.

Dawin Schmidt

Hey. I’m Dawin, yet another independent security researcher based in Munich. I’m interested in Android security, rock climbing and Drum and Bass music.