Secure Messengers and Man in the Contacts Attack

Explore the Man in the Contacts (MitC) attack and its implementation in this conference talk from OWASP AppSec EU 2018. Learn about the vulnerabilities in smartphone contact management that allow malicious applications to manipulate contact data for impersonation and communication interception. Discover how the speakers built and deployed a functional MitC implementation within a game published on Google's Play Store, demonstrating its potential as a spear phishing weapon. Gain insights into the responses from popular messaging apps, see a live demonstration, and understand possible mitigations for this security threat in mobile ecosystems.