Mind the Bridge - A New Attack Model for Hybrid Mobile Applications

Explore a groundbreaking attack model for hybrid mobile applications in this conference talk from the Hack In The Box Security Conference. Delve into the world of "Javascript bridges" and uncover a novel class of vulnerabilities in hybrid apps that combine web and native mobile app features. Learn about three vulnerability models that can lead to attacks, bypassing existing validation and restriction technologies. Gain insights into the embedded browser architecture and understand the root cause of these security risks. Discover a new automated tool for vetting hybrid apps and examine a practical mitigation measure called "RichInterface" implemented in a custom embedded browser. Evaluate the effectiveness and scalability of this solution through real-world app examples, presented by an experienced security researcher with expertise in browser and Android application security.