soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend

    Friday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood
    Audience:
    Offense: Mobile Application Pentesters, Hackers
    Defense: Cloud Backend Operators, Mobile Application Developers who use cloud SDK

    Hyunjun Park & Soyeon Kim

    Mobile app developers are increasingly using cloud services to implement features such as storage, push notifications, and user data analysis. Popular cloud services, including AWS, provide SDKs and credential keys that allow mobile apps to authenticate and authorize cloud resources so that developers can implement features by calling APIs. However, we identify a vulnerability in which those credential keys can be obtained by attackers. Within this demo, we will present how to steal cloud credential keys with soFrida, a dynamic analysis tool powered by Frida. With soFrida, security researchers or engineers can quickly collect Android APKs and analyze cloud vulnerabilities in Android apps, helping to prevent serious security incidents such as data leaks. We have discovered 2,700 potentially vulnerable mobile apps by using soFrida and are currently collaborating with the cloud service provider to eliminate security vulnerabilities. Detailed statistics can be found on our website:

    Hyunjun Park
    Hyunjun Park is a senior engineer at Samsung SDS in South Korea and a graduate student at SANE Lab at Korea University (Supervisor: Seungjoo Gabriel Kim). His daily job is pentesting a broad range of Samsung products, including smartphones, smart TVs, wearable devices, etc. He also serves as the main staff of Kimchicon Security Conference in South Korea.

    Soyeon Kim
    Soyeon Kim is a security researcher at Samsung SDS in South Korea. She mainly performs security assessments of Samsung IoT products. She is interested in analyzing Android apps and iOS apps using Frida.