Dawin Schmidt
Hey. I'm Dawin, yet another independent security researcher based in Munich. I'm interested in Android security, rock climbing and Drum and Bass music.
Session
11-11
10:00
30min
Leaking Kakao: How I found a 1-Click Exploit in Korea's Biggest Chat App
Dawin Schmidt
KakaoTalk is the WhatsApp of South Korea with more than 100 million downloads from the Google Playstore. In this talk we show how multiple vulnerabilities in a chat app can lead to the disclosure of users' messages. We do this by presenting an account takeover "one-click" exploit in KakaoTalk's regular chat room without breaking cryptography or escaping the app's sandbox. We also release our tooling so that fellow security researchers can dig into KakaoTalk's broad attack surface to find more bugs.
Talks
WestIn - Partenkirchen