CyberSecurity SEE

One-Click Exploit in Kakaotalk’s Android App Enables Arbitrary Code Execution

KakaoTalk, a popular Android application with over 100 million users, was recently found to have a critical vulnerability that could compromise user data and account access. While KakaoTalk offers a variety of services such as payment, ride-hailing, shopping, and email, it lacks end-to-end encryption by default, leaving users exposed to security threats.

The vulnerability, assigned CVE-2023-51219, allows an unauthenticated remote threat actor to leak an access token through an HTTP request header. This token can then be used to hijack a user's account and read their chat messages by registering an attacker-controlled device. The severity of this vulnerability is still being assessed, raising concerns about the safety of user data on the platform.

Reports shared with Cyber Security News identify the main entry point of this vulnerability as the CommerceBuyActivity WebView in KakaoTalk. This WebView exposes several attack points: it can be launched via a deep link, it has JavaScript enabled, and it handles intent:// URLs that can send data to non-exported app components. The WebView also attaches an Authorization HTTP header to its requests, so the header leaks to whichever server receives the request; in the researchers' demonstration it was captured with a plain Netcat listener in a terminal window.

While some validation exists to prevent loading arbitrary attacker-controlled URLs, analysis of the code shows that the path, query, and fragment of the URL are derived from the attacker's input. This gap allows threat actors to exploit the vulnerability and gain unauthorized access to user accounts and data.

Researchers also identified an exploit chain leading from URL redirection to DOM XSS on KakaoTalk. By abusing a same-site open redirect, the attackers reached a stored XSS payload on the m.shoppinghow.kakao.com subdomain. This XSS flaw allowed them to craft a malicious deep link that leaked the user's access token via the Authorization header.
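The two weaknesses described above, a WebView decision that must ignore attacker-controlled path, query and fragment, and a bearer token that is sent to any same-site host reachable through an open redirect, can be modelled as a small URL policy. The following is an added illustration written for this article, not code from KakaoTalk or from the researchers; the host names are constructed placeholders standing in for an app's real domains, and the weak variant shows the suffix-match mistake beside the exact-host check.

```python
"""Model of a deep-link URL policy for a WebView that carries a bearer token.

All host names below are constructed placeholders, not real KakaoTalk hosts.
The headers dict is what would be handed to WebView.loadUrl(url, extraHeaders).
"""
from typing import Dict, Tuple
from urllib.parse import urljoin, urlsplit

# Exact hosts the WebView may navigate to at all (constructed placeholders).
NAVIGABLE_HOSTS = {"buy.example.test", "m.shop.example.test"}
# The strictly smaller set of hosts that may ever receive the access token.
TOKEN_HOSTS = {"buy.example.test"}


def classify(url: str, token: str) -> Tuple[bool, Dict[str, str]]:
    """Return (may_load, extra_headers) for a URL the WebView is about to load.

    Path, query and fragment are treated as untrusted input: the decision
    depends only on the scheme and the exact host, never on what follows them.
    """
    parts = urlsplit(url)
    # HTTPS only: this rejects intent://, javascript:, http:// and bare paths.
    if parts.scheme != "https":
        return False, {}
    # .hostname drops userinfo and port, so "buy.example.test@evil.test" -> evil.test
    host = parts.hostname or ""
    if host not in NAVIGABLE_HOSTS:
        return False, {}
    headers: Dict[str, str] = {}
    if host in TOKEN_HOSTS:
        headers["Authorization"] = f"Bearer {token}"
    return True, headers


def weak_classify(url: str, token: str) -> Tuple[bool, Dict[str, str]]:
    """Weak variant: a suffix match on the parent domain, so every sibling
    subdomain (including one hosting a stored XSS) also receives the token."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https" or not host.endswith(".example.test"):
        return False, {}
    return True, {"Authorization": f"Bearer {token}"}


def follow_redirect(current_url: str, location: str, token: str):
    """Re-run the policy on a redirect target instead of inheriting the
    headers of the original request; an open redirect then yields no token."""
    return classify(urljoin(current_url, location), token)
```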

Once the access token was obtained, attackers could take over the victim's Kakao Mail account or create a new account to access chat messages. The vulnerability also allowed attackers to overwrite the user's registered mail address without any additional checks, further compromising user security.

Additionally, researchers detailed other potential exploits, including password reset vulnerabilities and malicious deep link creation. A proof-of-concept has been published on GitHub, showcasing the potential risks associated with the KakaoTalk vulnerability.

As users become increasingly reliant on digital platforms for communication and services, the importance of robust security measures cannot be overstated. The discovery of vulnerabilities in widely used applications like KakaoTalk serves as a reminder of the constant threat posed by cybercriminals. It is essential for users to remain vigilant and adopt best practices to protect their data and privacy in an ever-evolving digital landscape.
