手机QQ的安全性分析

2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP) Pub Date : 2014-12-22 DOI:10.1109/WCSP.2014.6992183

Fei Yu, Xinyu Zhao, Qingbing Ji, Lijun Zhang

{"title":"手机QQ的安全性分析","authors":"Fei Yu, Xinyu Zhao, Qingbing Ji, Lijun Zhang","doi":"10.1109/WCSP.2014.6992183","DOIUrl":null,"url":null,"abstract":"Mobile QQ is the smartphone version of the most popular IM software QQ in China. This paper studies the encipher system and communication protocol of mobile QQ and analyzes its security flaws. We found some security risks of mobile QQ and some of which are fatal especially in a weak wireless environment: Any attacker who could access the communication channel could easily recover the encrypted message packet during the communication without the knowledge of the user's password; the user's password is vulnerable by brute-force attack or rainbow table attack in the protocol; the complicated encryption mode of TEA used in mobile QQ could be bypassed.","PeriodicalId":412971,"journal":{"name":"2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Security analysis of mobile QQ\",\"authors\":\"Fei Yu, Xinyu Zhao, Qingbing Ji, Lijun Zhang\",\"doi\":\"10.1109/WCSP.2014.6992183\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mobile QQ is the smartphone version of the most popular IM software QQ in China. This paper studies the encipher system and communication protocol of mobile QQ and analyzes its security flaws. We found some security risks of mobile QQ and some of which are fatal especially in a weak wireless environment: Any attacker who could access the communication channel could easily recover the encrypted message packet during the communication without the knowledge of the user's password; the user's password is vulnerable by brute-force attack or rainbow table attack in the protocol; the complicated encryption mode of TEA used in mobile QQ could be bypassed.\",\"PeriodicalId\":412971,\"journal\":{\"name\":\"2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP)\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-12-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WCSP.2014.6992183\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WCSP.2014.6992183","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

手机QQ是中国最流行的即时通讯软件QQ的智能手机版本。研究了手机QQ的加密系统和通信协议，分析了手机QQ的安全漏洞。我们发现手机QQ存在一些安全隐患，特别是在弱无线环境下，其中一些是致命的:任何能够进入通信通道的攻击者都可以在不知道用户密码的情况下，很容易在通信过程中恢复加密的消息包;协议中用户密码容易受到暴力破解或彩虹表攻击;可以绕过手机QQ使用的TEA复杂的加密模式。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security analysis of mobile QQ

Mobile QQ is the smartphone version of the most popular IM software QQ in China. This paper studies the encipher system and communication protocol of mobile QQ and analyzes its security flaws. We found some security risks of mobile QQ and some of which are fatal especially in a weak wireless environment: Any attacker who could access the communication channel could easily recover the encrypted message packet during the communication without the knowledge of the user's password; the user's password is vulnerable by brute-force attack or rainbow table attack in the protocol; the complicated encryption mode of TEA used in mobile QQ could be bypassed.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP)

自引率

0.00%

发文量