Open Access Article
Entropy 2015, 17(6), 3947-3962; doi:10.3390/e17063947

Personal Information Leaks with Automatic Login in Mobile Social Network Services

School of Computer Science and Engineering, Soongsil University, Seoul 156-743, Korea
* Author to whom correspondence should be addressed.
Academic Editors: James Park and Wanlei Zhou
Received: 17 January 2015 / Revised: 9 May 2015 / Accepted: 5 June 2015 / Published: 10 June 2015

Abstract

To log in to a mobile social network service (SNS) server, users must enter their ID and password to get through the authentication process. At that time, if the user sets up the automatic login option on the app, a sort of security token is created on the server based on the user’s ID and password. This security token is called a credential. Because such credentials are convenient for users, they are utilized by most mobile SNS apps. However, the current state of credential management for the majority of Android SNS apps is very weak. This paper demonstrates the possibility of a credential cloning attack. Such attacks occur when an attacker extracts the credential from the victim’s smart device and inserts it into their own smart device. Then, without knowing the victim’s ID and password, the attacker can access the victim’s account. This type of attack gives access to various pieces of personal information without authorization. Thus, in this paper, we analyze the vulnerabilities of the main Android-based SNS apps to credential cloning attacks, and examine the potential leakage of personal information that may result. We then introduce effective countermeasures to resolve these problems.
Keywords: credential; Android vulnerability; authentication; personal information leakage
This is an open access article distributed under the Creative Commons Attribution License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

MDPI and ACS Style

Choi, J.; Cho, H.; Yi, J.H. Personal Information Leaks with Automatic Login in Mobile Social Network Services. Entropy 2015, 17, 3947-3962.

Entropy EISSN 1099-4300, published by MDPI AG, Basel, Switzerland