Friday from 10:00 – 11:50 in Sunset 6 at Planet Hollywood
Audience: Offense: Mobile Application Pentesters, Hackers Defense: Cloud Backend Operators Mobile Application Developers who use cloud SDK Hyunjun Park & Soyeon Kim

Mobile app developers are increasingly using cloud services to implement features such as storage, push notifications, and user data analysis. Popular cloud service including AWS provides SDK and credential keys that allow mobile apps to authenticate and authorize cloud resources so that developers can implement features by calling APIs. However, we identify a vulnerability that those credential keys can be obtained by attackers. Within this demo, we will present how to steal cloud credential keys with soFrida: a dynamic analysis tool, powered by Frida. With soFrida, security researchers or engineers can quickly collect Android APKs and analyze cloud vulnerabilities in Android apps, helping to prevent serious security incidents such as data leaks. We have discovered 2,700 potentially vulnerable mobile apps by using soFrida and currently collaborate with the cloud service provider to eliminate security vulnerabilities. Detailed statistics can be found on our website:

Hyunjun Park
Hyunjun Park is a senior engineer of Samsung SDS in South Korea and a graduate student of SANE Lab at Korea University (Supervisor: Seungjoo Gabriel Kim). His daily job is pentesting a broad range of Samsung products including smartphone, smart TV, wearable devices, etc. He also serves as the main staff of Kimchicon Security Conference in South Korea.

Soyeon Kim
Soyeon Kim is a security researcher of Samsung SDS in South Korea. She is mainly doing a security assessment of Samsung IoT products. She is interested in analyzing Android apps and IOS apps using Frida.