{"title":"iOS社交网络和消息应用的网络取证分析","authors":"Arpita Jadhav Bhatt, Chetna Gupta, S. Mittal","doi":"10.1109/IC3.2018.8530576","DOIUrl":null,"url":null,"abstract":"What type of user data are the mobile applications sending? With the plethora of mobile applications available on the online stores, most of the users are unaware about the security risks they may pose. These include breaching end user's privacy by sharing unencrypted private and sensitive data to app's own server or third parties without user's approval. In this research, we tested 70 iOS applications dynamically through network penetration. Out of these, 20 apps were popular social networking and messaging applications. These were analyzed for their runtime behavior and their network traces were used for reconstruction of application layer payload. In about 15 apps out of 20, we were able to trace and reconstruct at least one of the entire message content, user's location, email credentials (including passwords), social networking credentials, profile images or tweeted messages. Apart from that, network traffic of 50 iOS applications was captured to check how end user's data is shared over the network. It was particularly found that many apps share authorized/unauthorized information of app user in unencrypted form. Apart from testing run-time behavior of applications proposed work can be used to warn app developers about unintentional security holes.","PeriodicalId":118388,"journal":{"name":"2018 Eleventh International Conference on Contemporary Computing (IC3)","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Network Forensics Analysis of iOS Social Networking and Messaging Apps\",\"authors\":\"Arpita Jadhav Bhatt, Chetna Gupta, S. Mittal\",\"doi\":\"10.1109/IC3.2018.8530576\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"What type of user data are the mobile applications sending? With the plethora of mobile applications available on the online stores, most of the users are unaware about the security risks they may pose. These include breaching end user's privacy by sharing unencrypted private and sensitive data to app's own server or third parties without user's approval. In this research, we tested 70 iOS applications dynamically through network penetration. Out of these, 20 apps were popular social networking and messaging applications. These were analyzed for their runtime behavior and their network traces were used for reconstruction of application layer payload. In about 15 apps out of 20, we were able to trace and reconstruct at least one of the entire message content, user's location, email credentials (including passwords), social networking credentials, profile images or tweeted messages. Apart from that, network traffic of 50 iOS applications was captured to check how end user's data is shared over the network. It was particularly found that many apps share authorized/unauthorized information of app user in unencrypted form. Apart from testing run-time behavior of applications proposed work can be used to warn app developers about unintentional security holes.\",\"PeriodicalId\":118388,\"journal\":{\"name\":\"2018 Eleventh International Conference on Contemporary Computing (IC3)\",\"volume\":\"53 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 Eleventh International Conference on Contemporary Computing (IC3)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IC3.2018.8530576\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 Eleventh International Conference on Contemporary Computing (IC3)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC3.2018.8530576","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Network Forensics Analysis of iOS Social Networking and Messaging Apps
What type of user data are the mobile applications sending? With the plethora of mobile applications available on the online stores, most of the users are unaware about the security risks they may pose. These include breaching end user's privacy by sharing unencrypted private and sensitive data to app's own server or third parties without user's approval. In this research, we tested 70 iOS applications dynamically through network penetration. Out of these, 20 apps were popular social networking and messaging applications. These were analyzed for their runtime behavior and their network traces were used for reconstruction of application layer payload. In about 15 apps out of 20, we were able to trace and reconstruct at least one of the entire message content, user's location, email credentials (including passwords), social networking credentials, profile images or tweeted messages. Apart from that, network traffic of 50 iOS applications was captured to check how end user's data is shared over the network. It was particularly found that many apps share authorized/unauthorized information of app user in unencrypted form. Apart from testing run-time behavior of applications proposed work can be used to warn app developers about unintentional security holes.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
