Techly NewsGet the app

Get the latest tech news

I found a 1-click exploit in South Korea's biggest mobile chat app


Stealing another KakaoTalk user’s chat messages with a simple 1-click exploit.

In this blog post we show how multiple low-hanging fruit vulnerabilities in KakaoTalk’s Android app can lead to the disclosure of users’ messages. A deep link validation issue in KakaoTalk 10.4.3 allows a remote adversary to run arbitrary JavaScript in a WebView that leaks an access token in a HTTP request header. The goal of the PoC is to register KakaoTalk for Windows/MacOS or the open-source client KiwiTalk to a victim’s account to read her/his non-end-to-end encrypted chat messages.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of South Korea

South Korea

Photo of app

app

Photo of click exploit

click exploit

Related news:

News photo

ElevenLabs launches iOS app that turns ‘any’ text into audio narration with AI

News photo

Gen Z photos app Swipewipe sells to French publisher MWM in its largest acquisition to date

News photo

Fedora 41 Installer Proceeding To Transition From X11 To Wayland App

« Show HN: Glasskube – Open Source Kubernetes Package Manager, alternative to Helm
Everyday is a Birthday A Journey to a classic problem through Math and Rust »