Personal Information Leaks with Automatic Login in Mobile Social Network Services

To log in to a mobile social network service (SNS) server, users must enter their ID and password to get through the authentication process. At that time, if the user sets up the automatic login option on the app, a sort of security token is created on the server based on the user’s ID and password. This security token is called a credential. Because such credentials are convenient for users, they are utilized by most mobile SNS apps. However, the current state of credential management for the majority of Android SNS apps is very weak. This paper demonstrates the possibility of a credential cloning attack. Such attacks occur when an attacker extracts the credential from the victim’s smart device and inserts it into their own smart device. Then, without knowing the victim’s ID and password, the attacker can access the victim’s account. This type of attack gives access to various pieces of personal information without authorization. Thus, in this paper, we analyze the vulnerabilities of the main Android-based SNS apps to credential cloning attacks, and examine the potential leakage of personal information that may result. We then introduce effective countermeasures to resolve these problems

Combating Web Tracking: Analyzing Web Tracking Technologies for User Privacy

Behind everyday websites, a hidden shadow world tracks the behavior of Internet users. Web tracking analyzes online activity based on collected data and delivers content tailored to users’ interests. It gathers vast amounts of information for various purposes, ranging from sensitive personal data to seemingly minor details such as IP addresses, devices, browsing histories, settings, and preferences. While Web tracking is largely a legitimate technology, the increase in illegal user tracking, data breaches, and the unlawful sale of data has become a growing concern. As a result, the demand for technologies that can detect and prevent Web trackers is more important than ever. This paper provides an overview of Web tracking technologies, relevant research, and website measurement tools designed to identify web-based tracking. It also explores technologies for preventing Web tracking and discusses potential directions for future research