Deep Dive into Experimenting with Messaging App Vulnerabilities

The Corellium team teamed up with Marco Chomut of TFP0 Labs to examine messaging app vulnerabilities and how to use Corellium’s new vulnerable app for iOS, GlitchChat, to identify and experiment with exploits. 

Watch the complete webinar or keep reading to learn more about experimenting with messaging app vulnerabilities.

Corellium Café: The First Intentionally Vulnerable App

In conjunction with the Corellium app, we have developed add-on resources to aid security researchers with mobile pen testing. About a year ago, we created our first intentionally vulnerable app, Corellium Café, which challenged users to find local storage, network, misconfiguration, and runtime vulnerabilities. Corellium has been using Café for mobile app security testing and demonstrations to find vulnerabilities in data at rest or in motion. 

Security researchers can get a taste for reverse engineering iOS apps using Corellium Café. The app is available for iOS and Android. 

Now, Corellium has released its second intentionally vulnerable app, GlitchChat, a messaging app for iOS. GlitchChat is an in-depth, fully functioning, well-thought-out app that is fun to use for mobile app testing or developing new pen testing skills. 

GlitchChat has been specifically designed to model real-world zero-click vulnerabilities, so the end user doesn’t have to do anything for a remote attacker to exploit the device. The app includes a server component, meaning you can send and receive messages on a virtual device.

GlitchChat Sandbox App for Testing Vulnerabilities

Many current threats target mobile messaging apps, exploiting vulnerabilities with 0-click techniques to steal data or compromise the device. The built-in GlitchChat vulnerabilities are ripe for exploitation and fall into three areas of concern:

  • Arbitrary JavaScript execution via link preview generation
  • Unsafe actions in a custom URI handler
  • A custom image parser (built on the libpng library) with buffer overflows and info leaks

GlitchChat was designed to give researchers a safe environment to experiment with 0-click exploits using features provided by Corellium. Corellium ships the GlitchChat application as an IPA together with a Python-based server, so you are all set to begin using it to test for vulnerabilities.

You can intercept traffic, including any exposed image paths, using the built-in Network Monitor. Some JavaScript can scan for other files and send them to a remote server, and with a little social engineering you could influence the user to click a link that swaps a legitimate image file for malware that copies password files.

GlitchChat is only available for iOS now but may be available on Android in the future.

Solution-Guided Messaging App Vulnerability Scenarios

Corellium has a web page that guides you through three demo scenarios for observing and identifying vulnerabilities in the GlitchChat app. These guides walk you through using Corellium and some third-party tools to complete the challenges and tasks and advance your pen testing skills. Each scenario covers downloading and setting up the package and gives you hints on where to look for specific things.

Don’t worry if you get stuck; each of the scenarios includes an answer key at the bottom so you can check your work or learn how a specific exploit occurred.

Using Corellium GlitchChat in Your Security Work

Watch the full webinar on demand to learn how to use Corellium GlitchChat in your security research work and enjoy the demo of three different exploits.