Danger is My Middle Name: Experimenting with SSL Vulnerabilities in Android Apps
This paper presents a measurement study of information leakage and SSL
vulnerabilities in popular Android apps. We perform static and dynamic analysis
on 100 apps, downloaded at least 10M times, that request full network access.
Our experiments show that, although prior work has drawn a lot of attention to
SSL implementations on mobile platforms, several popular apps (32/100) accept
all certificates and all hostnames, and four actually transmit sensitive data
unencrypted. We set up an experimental testbed simulating man-in-the-middle
attacks and find that many apps (up to 91% when the adversary has a certificate
installed on the victim's device) are vulnerable, allowing the attacker to
access sensitive information, including credentials, files, personal details,
and credit card numbers. Finally, we provide a few recommendations to app
developers and highlight several open research problems.
Comment: A preliminary version of this paper appears in the Proceedings of ACM
WiSec 2015. This is the full version.
MobileAppScrutinator: A Simple yet Efficient Dynamic Analysis Approach for Detecting Privacy Leaks across Mobile OSs
Smartphones, the devices we carry everywhere with us, are being heavily
tracked and have undoubtedly become a major threat to our privacy. As "tracking
the trackers" has become a necessity, various static and dynamic analysis tools
have been developed in the past. However, today, we still lack suitable tools
to detect, measure and compare the ongoing tracking across mobile OSs. To this
end, we propose MobileAppScrutinator, based on a simple yet efficient dynamic
analysis approach, that works on both Android and iOS (the two most popular OSs
today). To demonstrate the current trend in tracking, we select 140 most
representative Apps available on both Android and iOS AppStores and test them
with MobileAppScrutinator. In fact, choosing the same set of apps on both
Android and iOS also enables us to compare the ongoing tracking on these two
OSs. Finally, we also discuss the effectiveness of privacy safeguards available
on Android and iOS. We show that neither Android nor iOS privacy safeguards in
their present state are completely satisfying.
A TEXT MINING APPROACH TO THE ANALYSIS OF INFORMATION SECURITY AWARENESS: KOREA, UNITED STATES, AND CHINA
Recently in Korea, the importance of information security awareness has been receiving growing attention. Attacks such as social engineering and ransomware are hard to prevent because they cannot be solved by information security technology. Also, the profitability of the information security industry has been decreasing for years. Because of this, many companies try to find a new growth engine and an entry to the foreign market. The main purpose of this paper is to draw out some information security issues that people of each country think about and to analyze them. Finally, this study identifies issues and suggests how to improve the situation in Korea. For this, Topic Modeling analysis has been used to find information security issues of each country. Moreover, the score of sentiment analysis has been used to compare each country. The study contributes to the literature by exploring and explaining what the critical issues are and how to improve the situation based on the identified issues of the Korean information security industry. Also, this study adds to the literature by demonstrating how text mining can be applied to the context of information security awareness. From a pragmatic perspective, the study has implications for information security enterprises. This study is expected to provide a new and realistic method of analyzing domestic and foreign issues using real data from the Twitter API.
Privacy Implications of Health Information Seeking on the Web
This article investigates privacy risks to those visiting health-related web
pages. The population of pages analyzed is derived from the 50 top search
results for 1,986 common diseases. This yielded a total population of 80,124
unique pages which were analyzed for the presence of third-party HTTP requests.
91% of pages were found to make requests to third parties. Investigation of
URIs revealed that 70% of HTTP Referer strings contained information exposing
specific conditions, treatments, and diseases. This presents a risk to users in
the form of personal identification and blind discrimination. An examination of
extant government and corporate policies reveals that users are insufficiently
protected from such risks.