Mobile Security Researcher at Team bi0s.
Speaker
Sam MG Harish is a mobile security researcher specializing in Android application security, vulnerability research, and analysis of complex application architectures. A B.Tech Cyber Security student at Amrita Vishwa Vidyapeetham and a researcher with Team bi0s, he has analyzed 40+ Android applications, uncovering real-world security issues with a focus on WebView security, native bridge interactions, and chaining multiple low-severity issues into impactful vulnerabilities.
He has solved 100+ CTF challenges and secured top positions, including 1st place at Black Hat MEA 2025 Mobile Hacking Lab CTF and H7CTF 2025, and 3rd place at DEFCON 33 Mobile CTF.
He has also worked on Android security analysis tools, including AI-assisted static analysis pipelines and dynamic instrumentation workflows using Frida, focusing on practical and real-world security testing. His research highlights patterns of vulnerabilities in widely used mobile applications, with an emphasis on understanding how different components interact to create unintended attack surfaces. He is also an active speaker, delivering technical sessions on mobile security and modern attack techniques.
In this talk, we explore what happens behind the scenes when a user interacts with a link inside a mobile application. A single tap can trigger a chain of interactions involving WebView rendering, navigation handling, and communication between web and native components.
We examine how these interactions collectively form an attack surface, and how subtle gaps in validation, isolation, or trust boundaries can be leveraged by attackers. By analyzing these patterns, we highlight how multiple small issues can be chained together to create high-impact scenarios, including one-click account takeover situations.
The session focuses on understanding these attack surfaces from both offensive and defensive perspectives, helping security researchers and developers recognize risky patterns and design safer application flows.