
Personal Information Leaks with Automatic Login in Mobile Social Network Services

School of Computer Science and Engineering, Soongsil University, Seoul 156-743, Korea
Author to whom correspondence should be addressed.
Academic Editors: James Park and Wanlei Zhou
Entropy 2015, 17(6), 3947-3962
Received: 17 January 2015 / Revised: 9 May 2015 / Accepted: 5 June 2015 / Published: 10 June 2015
To log in to a mobile social network service (SNS) server, users must enter their ID and password to get through the authentication process. At that time, if the user sets up the automatic login option on the app, a sort of security token is created on the server based on the user’s ID and password. This security token is called a credential. Because such credentials are convenient for users, they are utilized by most mobile SNS apps. However, the current state of credential management for the majority of Android SNS apps is very weak. This paper demonstrates the possibility of a credential cloning attack. Such attacks occur when an attacker extracts the credential from the victim’s smart device and inserts it into their own smart device. Then, without knowing the victim’s ID and password, the attacker can access the victim’s account. This type of attack gives access to various pieces of personal information without authorization. Thus, in this paper, we analyze the vulnerabilities of the main Android-based SNS apps to credential cloning attacks, and examine the potential leakage of personal information that may result. We then introduce effective countermeasures to resolve these problems.
Keywords: credential; Android vulnerability; authentication; personal information leakage
MDPI and ACS Style

Choi, J.; Cho, H.; Yi, J.H. Personal Information Leaks with Automatic Login in Mobile Social Network Services. Entropy 2015, 17, 3947-3962.
