Abusing WebViews to steal all the files

Presented at THOTCON 0xB (2021) Rescheduled, Oct. 8, 2021, 3:30 p.m. (25 minutes).

Let's explore the world of Android WebViews through two popular applications - an Android email client and an advertising platform. Through these case studies, we will learn how insecure WebViews provided remote attackers and advertisers access to user's external storage.


Presenters:

  • Jesson Soto
    Jesson just likes to hack things. If it collects data, has lights, or does something cool there's a good chance Jesson has considered hacking on it to figure out how it works and making it do something else. Currently, Jesson applies all the skills he's learned from various junk hacking projects at Carve Systems, LLC as senior information security consultant.

Similar Presentations: