Exploring Security Vulnerabilities in Flutter Mobile Applications
Hack In The Box Security Conference via YouTube
Overview
Watch a security conference presentation from Hack In The Box that exposes critical vulnerabilities in Flutter mobile applications through reverse engineering techniques. Learn about the B(l)utter tool's capabilities in extracting metadata and analyzing compiled code from Flutter apps, revealing concerning security practices. Discover the findings from a statistical analysis of 100 Flutter applications, including seven cases of hardcoded sensitive information and a particularly alarming case involving a private cryptographic key in an app with over 5 million users. Explore the methodology: gathering Flutter applications, decompiling them with the B(l)utter tool, and analyzing the extracted data to uncover development information, exposed cryptographic keys, access tokens, and API keys. Gain valuable insights into the security implications of hardcoding credentials in Flutter applications and understand the urgent need for developers to address these vulnerabilities.
Syllabus
#HITB2024BKK #COMMSEC D2: Exploring Vulnerabilities in Flutter Mobile Apps
Taught by
Hack In The Box Security Conference