Watch a security conference presentation from Hack In The Box that exposes critical vulnerabilities in Flutter mobile applications through reverse engineering techniques. Learn about the B(l)utter tool's capabilities in extracting metadata and analyzing compiled code from Flutter apps, revealing concerning security practices. Discover the findings from a statistical analysis of 100 Flutter applications, including seven cases of hardcoded sensitive information and a particularly alarming case involving a private cryptographic key in an app with over 5 million users. Explore the methodology behind gathering Flutter applications, using the B(l)utter tool for decompilation, and analyzing the extracted data to uncover developmental information, exposed cryptographic keys, access tokens, and API keys. Gain valuable insights into the security implications of hardcoding credentials in Flutter applications and understand the urgent need for developers to address these vulnerabilities.
Exploring Security Vulnerabilities in Flutter Mobile Applications
Hack In The Box Security Conference via YouTube
Overview
Syllabus
#HITB2024BKK #COMMSEC D2: Exploring Vulnerabilities in Flutter Mobile Apps
Taught by
Hack In The Box Security Conference
Related Courses
-
B(l)utter - Reversing Flutter Applications - HITB2023HKT COMMSEC Day 2
-
Security and Auditing in Ethereum
-
Securing Mobile App Secrets: Preventing Credential Leaks in Android Applications
-
Dynamic Analysis of Complex Mobile Applications
-
Hunting Vulnerabilities of gRPC Protocol Armed Mobile - IoT Applications
-
OWASP MASVS and Mobile App Security Threats - Understanding Resilience and Reverse Engineering in 2023
