|
Multiple Device Login Attacks and
Countermeasures of Su Wan Park and Jeong
Hyun Yi+ School of Compuer
Science and Engineering, Soongsil University Seoul, 156-743, Korea {skyhwen, jhyi}@ssu.ac.kr
Abstract Because Android apps are structurally easy to
decompile, attackers may, using reverse engineering, modify the source code
or inject some code of his choice. If a mobile messenger app were to be attacked
in the same nature, the attacker can bypass the authentication mechanism
applied on the app to not only view past conversations and Time line records
of a particular user but to also receive and view real time conversations. In
addition, there are widespread attacks on the apps’ weak points depending on
the app such as wiretapping VoIP and other voice messages or illegally use of
pay items. Therefore, in this paper, we analyze the security weak points of app
A and app
B, two representative Android
message apps, and propose effective solutions. Keywords: android,
repackaging, multi device login, voip +: Corresponding author: Jeong Hyun Yi Korea,
Tel: +82-2-821-0914, Web: http://msec.ssu.ac.kr/ Journal of Internet Services and Information Security (JISIS), 4(4): 115-126, November 2014 [pdf] |