Security analysis of mobile QQ

Abstract

Mobile QQ is the smartphone version of the most popular IM software QQ in China. This paper studies the encipher system and communication protocol of mobile QQ and analyzes its security flaws. We found some security risks of mobile QQ and some of which are fatal especially in a weak wireless environment: Any attacker who could access the communication channel could easily recover the encrypted message packet during the communication without the knowledge of the user's password; the user's password is vulnerable by brute-force attack or rainbow table attack in the protocol; the complicated encryption mode of TEA used in mobile QQ could be bypassed.