Personal Information Leaks with Automatic Login in Mobile Social Network Services
AbstractTo log in to a mobile social network service (SNS) server, users must enter their ID and password to get through the authentication process. At that time, if the user sets up the automatic login option on the app, a sort of security token is created on the server based on the user’s ID and password. This security token is called a credential. Because such credentials are convenient for users, they are utilized by most mobile SNS apps. However, the current state of credential management for the majority of Android SNS apps is very weak. This paper demonstrates the possibility of a credential cloning attack. Such attacks occur when an attacker extracts the credential from the victim’s smart device and inserts it into their own smart device. Then, without knowing the victim’s ID and password, the attacker can access the victim’s account. This type of attack gives access to various pieces of personal information without authorization. Thus, in this paper, we analyze the vulnerabilities of the main Android-based SNS apps to credential cloning attacks, and examine the potential leakage of personal information that may result. We then introduce effective countermeasures to resolve these problems. View Full-Text
Scifeed alert for new publicationsNever miss any articles matching your research from any publisher
- Get alerts for new papers matching your research
- Find out the new papers from selected authors
- Updated daily for 49'000+ journals and 6000+ publishers
- Define your Scifeed now
Choi, J.; Cho, H.; Yi, J.H. Personal Information Leaks with Automatic Login in Mobile Social Network Services. Entropy 2015, 17, 3947-3962.
Choi J, Cho H, Yi JH. Personal Information Leaks with Automatic Login in Mobile Social Network Services. Entropy. 2015; 17(6):3947-3962.Chicago/Turabian Style
Choi, Jongwon; Cho, Haehyun; Yi, Jeong H. 2015. "Personal Information Leaks with Automatic Login in Mobile Social Network Services." Entropy 17, no. 6: 3947-3962.