Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications
Sebastian Schrittwieser, Peter Frühwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, Edgar Weippl
SBA Research gGmbH, Vienna, Austria
(1stletterfirstname)(lastname)@sba-research.org

Abstract

In recent months a new generation of mobile messaging and VoIP applications for smartphones was introduced. These services offer free calls and text messages to other subscribers, providing an Internet-based alternative to the traditional communication methods managed by cellular network carriers such as SMS, MMS and voice calls. While user numbers are estimated in the millions, very little attention has so far been paid to the security measures (or lack thereof) implemented by these providers. In this paper we analyze nine popular mobile messaging and VoIP applications and evaluate their security models with a focus on authentication mechanisms. We find that a majority of the examined applications use the user's phone number as a unique token to identify accounts, which further encumbers the implementation of security barriers. Finally, experimental results show that major security flaws exist in most of the tested applications, allowing attackers to hijack accounts, spoof sender IDs or enumerate subscribers.

1 Introduction

In the past few months, several new smartphone messaging and VoIP services with a novel user authentication concept were introduced. These new-generation communication applications aim at replacing traditional text messaging (SMS) and only require the user's phone number for registration. Contrary to well-known instant messaging services, no additional authentication mechanisms other than the phone number are used by these applications. In this paper we focus on the security of applications that are using this novel authentication concept. Due to this limitation, services such as Skype, Facebook Chat and Google Chat were regarded as out of scope. Note that these services have been the subject of an ample amount of past research.

The common advantages of the tools we examined lie in very simple and fast setup routines combined with the possibility to incorporate existing on-device address books. Additionally, these services offer communication free of charge and thus pose a low entry barrier to potential customers. However, we find that the very design of most of these messaging systems thwarts their security measures, leading to issues such as the possibility for communication without proper sender authentication.

The main contribution of our paper is an evaluation of the security of mobile messaging applications with the aforementioned properties and the possibilities of abuse in real-world scenarios. Additionally, we draw attention to a number of suitable security mechanisms to prevent the misuse of these systems. The rest of the paper is organized as follows: Section 2 gives an overview of related work. Section 3 outlines the basic functionalities of the examined communication services, while Section 4 introduces our threat assessment for these applications. Section 5 documents our findings and explains how the flaws we identified might pose threats to users. We conclude in Section 6 and give a brief overview of approaches for future research.

2 Related Work

In this paper we document our findings on weak user authentication in messaging applications on smartphones. User authentication is a popular field of research in information security [16, 2], especially applied to distributed systems [13] or for web services [11, 18]. A vast number of protocols has been designed to provide secure user authentication, for example based on Kerberos [15] or public key cryptography and the usage of a PKI [4].
Due to the steadily increasing pervasiveness of smartphones, these platforms have sparked the interest of the security community. The security features and properties of Android [9, 8, 3, 10] as well as iOS [5] have been widely studied. Furthermore, smartphone application security has been evaluated in the past [6, 7]. To the best of our knowledge, no evaluation of the novel smartphone messaging services analyzed in this paper has been published at the time of writing. Recently, cloud storage services have attracted the interest of security researchers [12] analyzing the implications of faulty authentication in that area. There are numerous applications for Android that promise encrypted, secure communication, such as RedPhone and TextSecure [17].

3 Mobile Messaging Applications

General Characteristics. All applications analyzed in this paper have one thing in common: they use the user's phone number as the basis for identification. During the setup process, the software asks the user to enter the phone number of the device. Although Android can grant applications direct access to the user's phone number, this mechanism is currently not in use. Apple's iOS App Store guidelines, on the other hand, do not allow applications to access the phone number, making manual input necessary. One major, if unintentional, benefit of this approach is that even devices without a phone module (e.g. a WiFi-only tablet) can be activated using the phone number of another device. It should be noted that these messaging applications use the phone number for user identification only and do not attempt to communicate over the regular mobile phone network. The main problem with this approach is naturally that the system has to verify the user's input, seeing as a malicious user could enter someone else's phone number and therefore hijack or create an account with false credentials.
All the messengers we analyzed implement measures to prevent users from impersonating others by trying to authenticate a number they do not control. Still, several of these approaches display fundamental design flaws. Section 5 analyzes the shortcomings of several messengers.

WhatsApp. The most popular tested application (judging by its widespread distribution among various smartphone platforms) is the WhatsApp messenger. It is a cross-platform messaging application for Android, BlackBerry, iOS and Symbian. The vendor has not released any information on its user base; however, based on the Android Market sales, it can be estimated to have at least a few million users^1. Recently, the vendor reported that in one single day over one billion messages were sent over WhatsApp^2. In contrast to other comparable messengers, this piece of software does not support calls via VoIP.

^1 https://market.android.com/details?id=com.whatsapp, retrieved on August 23rd, 2011
^2 http://blog.whatsapp.com/index.php/2011/10/one-billion-messages, retrieved on November 2nd, 2011

4 Evaluation

In this section we detail the methodology and the experimental setup of our evaluation.

4.1 Methodology

For our evaluation, we selected nine popular messaging and VoIP applications for both Android and iOS. We estimated the user base of the applications by accumulating data available from the Android Market^3 and Xyologic^4, a company providing download estimations for iOS applications. Table 1 gives an overview of the applications and their features. The great majority of our selected smartphone messaging applications support Voice over Internet Protocol (VoIP) calls and text messages. Furthermore, all tested applications used the user's phone number as the unique user ID for initial authentication, with the Short Message Service (SMS) being the preferred method to verify the user's control over a given phone number.
We then identified five possible attack vectors exploiting the insufficient authentication methods employed in these applications. Lastly, we systematically examined the software packages for the presence of these flaws. This section describes the five common attack vectors we identified amongst popular smartphone messaging applications.

Authentication Mechanism and Account Hijacking. We analyzed the initial setup mechanisms of the applications, during which a phone number is linked to a device. None of the tested applications retrieve the device's phone number automatically but instead ask the user to input it manually during the setup phase. The common method to verify the entered number is sending an SMS message to the specified number containing a verification PIN that the user has to enter in the application's user interface. We analyzed the communication between phone and server during the initial setup and tested if an attacker could hijack accounts by passing another user's phone number as his/her own.

Sender ID Spoofing / Message Manipulation. In the second part of our evaluation, we analyzed the communication between the phone and the server during message sending and receiving. The attack scenario for this part is a malicious user that wants to send a message with a spoofed sender ID. In contrast to the scenario outlined in the previous paragraph, the attacker may do this without hijacking the entire account.
The manipulation of a message during transfer is another possible threat; however, as most tested applications use encryption for communication with the server, such an attack would usually not be practical in real-life scenarios.

^3 https://market.android.com, retrieved on November 2nd, 2011
^4 http://search.xyologic.com, retrieved on November 2nd, 2011

Table 1. Overview of selected smartphone messaging applications, their features, supported platforms, and estimated user base.

| Application | VoIP | Status Messages | Text Messages | Platforms | Number Verification | Estimated User Base | Uploads Address Book |
|---|---|---|---|---|---|---|---|
| WhatsApp 2.6.4 | no | yes | yes | Android, iOS, BlackBerry, Symbian | SMS, active SMS | 23-63M | yes |
| Viber 2.0.3 | yes | no | yes | Android, iOS | SMS and passive phone call | 10-15M | yes |
| eBuddy XMS 1.15.2 | no | no | yes | Android, iOS | SMS | 1-1.5M | yes |
| Tango 1.6.9568 | yes | no | no | Android, iOS | SMS | 10-15M | yes |
| Voypi 1.2 | yes | no | yes | Android, iOS | SMS | 0.1-0.15M | yes |
| Forfone 1.5.6 | yes | no | yes | Android, iOS | SMS | 0.2-0.25M | yes |
| HeyTell 2.3.0 | yes | no | no | Android, iOS | no | 5-9M | no |
| EasyTalk 2.0.1 | yes | no | yes | iOS | SMS | 0.25-0.3M | yes |
| Wowtalk 1.0.3 | yes | yes | yes | iOS | SMS | 0.06M | yes |

Unrequested SMS/phone calls. Most services emit SMS messages or even phone calls throughout the phone number verification process. A malicious user could use another user's number in the setup process to generate annoying messages or phone calls on the victim's phone without revealing his identity. Another scenario in this class is eavesdropping and replaying a message.

Enumeration. Most applications upload the user's address book to the server and compare the entries to a list of registered users (only EasyTalk utilizes a slightly different mechanism and only transmits the number as it is dialed). The server then returns the subset of the user's contacts that are using the service. We analyzed how this mechanism could be used to enumerate users of the service, e.g. by uploading an address book containing a large amount of phone numbers. The main problem resulting from this functionality is that an attacker can derive useful information about the user's device, such as the operating system, if a specific application only runs on one specific system (for instance a certain OS/version combination). This enables the attacker to perform system-specific attacks.

Modifying Status Messages. Two out of the nine applications allow the user to set a status message that is shared with people that have this user in their address book. In this part of the evaluation, we considered two threats. The first one is the modification of a user's status message by an attacker. We analyzed the protocol for setting the status message and explored possible vulnerabilities that could result in unauthorized modification of status messages. The second threat is a privacy-related design error. Not only is it possible to determine whether the owner of a given phone number has installed the messenger application (as outlined above), but also the status message of a user is visible to people that have stored this user in their address book. Since no user confirmation is required to store a number in the address book, an attacker can very easily get access to the status messages of all subscribers to services vulnerable to this attack. In practice, this approach would likely be combined with some sort of enumeration attack.

4.2 Experimental Setup

For our security evaluation we used a Samsung Nexus S running Android 2.3.3 and an Apple iPhone 4 running iOS 4.3.3. Applications that are available for both platforms were tested on both the Nexus S and the iPhone. To be able to read encrypted HTTPS traffic from and to the tested applications, we set up an SSL proxy that acted as a man-in-the-middle and intercepted requests to HTTPS servers. We further used SSLsniff [14] by Moxie Marlinspike to read SSL-protected traffic that is not sent over HTTPS (e.g. XMPP).
Figure 1 explains our approach for the experimental setup. The SSL proxy was used to analyze HTTPS connections and allowed us to read as well as modify HTTPS trafc on the y. Other protocols were observed with SSLsniff. 1. (HTTPS): Phone number 2. (SMS): Code Phone SMS Proxy 3. (HTTPS): Code Server Figure 2. Authentication process of WhatsApp Phone SSL-Interception Server Figure 1. Experimental setup for intercepting SSL. 5 Results In this section we present the results of our security evaluation of the application discussed in Section 3 with respect to the different attacks outlined in section 4. 5.1 Overview Table 2 gives a compact overview of the vulnerabilities found in the tested applications. It is notable that almost all applications were vulnerable to SMS ooding and enumeration attacks, but only very few to sender spoong or message manipulation. checks if the PIN entered by the user matches the previously generated PIN. An attacker could exploit this mechanism to hijack any WhatsApp account. This can be done by typing the victims phone number during the verication phase and then intercepting the communication between the phone and the server to eavesdrop the PIN. This communication is SSL-protected; however, the attacker has to intercept only the connection between his own phone and the WhatsApp server. To exploit this vulnerability, it is possible set up a SSL proxy and install the proxys certicates as described in Section 4 on the phone in order to get access to the encrypted communication transparent to the application. Once the attacker has entered the PIN into his phone, the victims WhatsApp account is linked to the attackers phone. This enables the attacker to send and retrieve messages from the victims account. This process also unlinks the victims device, causing it to not receive messages from WhatsApp anymore. 
Co d e 5.2 Authentication Mechanism and Account Hijacking In this section we describe successful attacks against the authentication mechanisms of the tested applications. The general idea is that an attacker tries to hijack accounts to be able to spoof the sender ID and receive messages targeted to a victim. In essence, the attacker aims at linking his mobile device to the phone number of the victim. WhatsApp To prevent malicious users to impersonate somebody else using the victims number, a verication SMS containing a 4-digit PIN is sent to the phone. The user then has to copy that code into the WhatsApp applications GUI. This process binds a WhatsApp user account (represented by the phone number) to a physical device. Figure 2 shows the authentication process of WhatsApp. We discovered that the verication process of WhatsApp is fatally broken. The PIN for the verication SMS message is generated on the phone and then sent to the server via a HTTPS connection. The server then initiates the SMS message via a SMS proxy to the phone, where the app then 1. (HTTPS): Code + Number Proxy Attacker Phone 2. (SMS): Code Target Phone SMS Proxy Server Figure 3. MitM-Attack against WhatsApp authentication Figure 3 shows a possible attack on the authentication process of WhatsApp. A man-in-the-middle attack on the communication between the phone and the client makes it possible to eavesdrop the secret SMS verication code be- WhatsApp Viber eBuddy XMS Tango Voypi Forfone HeyTell EasyTalk WowTalk Account Hijacking yes no no yes yes no yes yes yes Spoong / Manipulation no no no no yes yes no no no Unrequested SMS yes yes yes yes yes yes no yes yes Enumeration yes yes yes yes yes yes limited yes yes Other Vulnerabilities yes yes yes Table 2. Overview on attacks. fore it was even delivered to the spoofed phone number. 1. (HTTPS): Request 2b. (HTTPS): PIN Tango and Voypi The applications Tango and Voypi share a very similar approach for device registration. 
Like WhatsApp, both applications ask the user to enter the devices phone number. If the number is not registered for the service yet, no verication is done. Only if the number is already known to the system, a verication process via SMS (similar to WhatsApp) is performed. While this registration schema is not vulnerable to account hijacking, an attacker can impersonate users that are not yet registered for that service. As long as a number is not registered for Tango or Voypi, an attacker can use it without SMS verication. Figure 4. MitM-attack against WowTalk application HeyTell HeyTell does not have any kind of verication. During setup the process the user has to select his or her own cellphone number from the address book (or create a new entry if it does not exist). The device is then linked to the chosen number without verication. an incorrect code into the application. We were able to successfully authenticate a client by modifying this message from ERROR to OK. The server does not detect this message manipulation and keeps the device authenticated. WowTalk WowTalks registration mechanism is based on SMS-verication. The user has to enter his phone number into the application which transmits it to the server. The server generates a random verication code and sends it back to the phone via SMS. The problem, however, is that the server also sends the verication code via HTTPS to the phone so that it can compare the users input to the correct code. We used the SSL proxy to intercept the servers reply and so retrieve the verication code. An attacker can use this technique to hijack any WowTalk account. Figure 4 explains our attack against WowTalks client authentication. EasyTalk EasyTalk uses SMS for phone number verication. After a devices registration request, the server generates a verication code that is sent to the device via SMS. After receiving the SMS the user has to enter the code into the application that forwards it to the server for verication. 
The server then replies to the device with either OK if the device sent the correct code or ERROR if the user entered 2a. (SMS): PIN Attacker Phone SMS Proxy Server Target Phone 1. (HTTPS): Registration Request 2. (SMS): PIN 3. (HTTPS): PIN Phone 4. (HTTPS): OK/ERROR SMS Proxy Server Figure 5. Device authentication in EasyTalk. Figure 5 shows the authentication mechanism of EasyTalk. Viber Compared to the other introduced applications, Vibers authentication mechanism is well designed and properly implemented. The application asks the user for the phone number and sends an authentication request to the server. The server generates a verication code and sends it via SMS message to the users phone. Alternatively, the user can request a phone call from Viber. In that case, a speech synthesizer voice speaks the code on the phone call. The user has to the enter the received code in the Viber application that forwards it to the server, which in turn checks the input. At no time does the server trust the client (i.e. the application on the users phone) and no sensitive authentication data is transmitted between phone and server. Figure 6 explains the authentication mechanism of Viber. Forfone and eBuddy XMS The authentication mechanisms of Forfone and eBuddy XMS are similar to Vibers and thus not susceptible to attacks that are based on intercepting the communication between the device and the server. Forfone In Forfones messaging protocol an additional identier of the sender is required for sending messages. In Android the IMSI of the phone and in iOS the UDID (Unique Device Identier) are used for sender authentication. While this additional parameter raises the difculty of sender ID spoong, it cannot be considered as a secure authentication mechanism as these two identiers can be accessed by any third party application on the phone. Table 3 summarizes the layout of the messaging protocols used by Voypi and Forfone. 
HTTP-Method Parameters Conclusion We do not propose our own authentication schema, as some of the tested applications already have secure protocols. While a secure implementation seems trivial, our evaluation showed that the majority of the tested applications are susceptible to even basic attacks. Voypi GET sender phone number receiver phone number receiver country code message timestamp Forfone POST sender phone number receiver phone number message sender UDID Table 3. Messaging protocols of Voypi and Forfone. 5.4 Unrequested SMS 1. (HTTPS): Registration Request 2. (SMS): Code 3. (HTTPS): Code Phone SMS Proxy 4. (HTTPS): Ok Server Figure 6. Authentication in Viber. 5.3 Sender ID Spoong This section introduces the results of our evaluation of messaging protocols in the tested applications. We analyzed the protocols and attempted to send messages with spoofed sender IDs without hijacking the entire account. Most of the tested applications use the Extensible Messaging and Presence Protocol (XMPP) [19] for messaging and can therefore rely on the security features present in the XMPP server that prevent sender ID spoong. However, Voypi and Forefone have their own implementations for messaging that are based on HTTP(S) requests. Voypi The unencrypted HTTP request that is used by Voypi to generate messages has four GET parameters: both the senders and the receivers phone number, the message, and a time stamp. There is no authentication required to send a message, therefore, an attacker can spoof the sender ID. When taking a look at the authentication mechanisms, several applications use an SMS sent to the (assumed) requesting handset in order to verify the validity of the request and to thwart account hijacking (see Section 5.2). However, several implementations of this mechanism can be misused in order to send these verication-messages to the arbitrary users. 
In one application (WhatsApp) we were even able to modify the messages sent, thus being able to communicate via SMS worldwide free of charge. General Approach The general approach consists of spamming an arbitrary user with text messages containing validation requests from a messaging service. Since we are able to do this in an automated fashion, this can be frustrating to a victim constantly receiving authorization requests. Unfortunately for the attacker (and fortunately for potential victims) all examined applications had some kind of timeout that thwarted real mass spamming. Still, an attacker is able to send messages at a regular interval. The adversary could also target certain numbers used for emergencies such as those used by system administrators in high-availability data centers, potentially causing the victim to switch off her device. The idea behind the attack can be seen in Figure 7 This approach works for the following messengers: WhatsApp, Viber, Tango, eBuddy XMS, WowTalk, Voypi, Forfone and easyTalk. However, no application other than WhatsApp allow for the injection of content into the verication SMS, thus making it rather useless for actual spamming (as used for marketing purposes). 5.5 1. (HTTPS): Request Registration Attacker Victim Server Figure 7. General approach. Viber The messaging application Viber allows for an even more annoying attack. In case the SMS message for authentication was not answered by the target, the attacker can choose to set up an authentication request using a phone call (Figure 8 shows the relevant parts of the authentication mechanism in Viber). 1. (HTTPS): Request Registration 2. (SMS): Request 3. (HTTPS): Request Call 4. (Call): 2nd Request Attacker Victim Server Figure 8. Sending SMS and requesting phone calls with Viber. WhatsApp Finally, WhatsApp offers an intriguing feature (or rather design error) that can be (mis-)used for sending free text messages worldwide. 
When looking at the authentication mechanism, we discussed that the authentication code is chosen by the handset that is requesting authentication and the WhatsApp-server simply echoes it back to the handset by a SMS. This authentication code consists of the string WhatsApp code followed by a PIN generated by the phone. In our analysis, we were able to intercept and modify the transmission of the PIN from the phone to the server. The modied SMS was even delivered when the PIN was replaced by any alphanumerical string, allowing an attacker to send SMS messages with nearly arbitrary content to the target handset. These techniques can either be used for free communication, or for sending spam. In fact, the verication messages can be sent by requesting the URL https://s.whatsapp.net/client/iphone/ smsproxy.php?to=\<receiver\> &auth=\<text message\>. Figure 9 details the relevant parts of the authentication protocol that are abused in this attack. 1. (HTTPS): Request Registration + Message Sender Enumeration 2. (SMS): Request Another security-relevant aspect of this type of messaging applications is their ability to automatically import the users contacts. All tested applications except HeyTell allow the user to upload the entire address book to the systems server and compare the contained phone numbers to already registered phone numbers stored on the server. The server returns a subset of the users contact list containing only phone numbers that are registered. A possible threat resulting from a user account enumeration is the identication of active phone numbers. Furthermore, an attacker could try to identify the operating system of the user, based on the applications installed on the phone and their availability for a certain operating system. This enables an attacker to target a system with OS-specic exploits. We tested the feasibility of such an enumeration attack with WhatsApp. 
To this end, we selected the US area code 619, which covers the southern half of the city of San Diego, CA and enumerated the entire number range from 000-0000 to 999-9999. A similar approach for Facebook is described by Balduzzi et al. [1]. In their paper, the authors tested the validity of mail addresses by uploading them to the friendnder feature of Facebook. Based on the return value of Facebook, they were able to determine the status of a mail address. In our evaluation, we split the entire number range of the San Diego area code 619 into chunks of 5000 phone numbers each and simulated a standard address book upload as performed by WhatsApp during device registration. While we noticed some slowdowns in server response time during our evaluation, the WhatsApp server did not prevent us from uploading ten million phone numbers and returned 21095 valid phone numbers that are using the WhatsApp application as well as their status messages. The entire process nished in less than 2.5 hours. Figure 10 shows the distribution of phone numbers that are linked to a WhatsApp account over the entire number range. As the gure indicates, active phone numbers of the area code 619 start at 200000. We believe that the mobile number range starts above this value, but have not independently conrmed that. A simple countermeasure would be the introduction of a rate limit. Clearly, no regular user would upload ten million phone numbers and such an attempt could be easily detected and blocked by the server. 2. (SMS): Request + Message WhatsApp - Server Figure 9. Free SMS with WhatsApp Recipient HeyTell HeyTell does not support upload of a whole address book for enumeration, but enumeration can be done number by number by requesting to send a voice message for every single number in the address book. This, however, is restricted by a privacy setting that allows users to 4000 http://msg.voypi.com/myphone_v1/getmsg.php? 
dbname=<phone number>8&version=1.2 Number of Users 3500 3000 As long as the client has not pulled messages, an attacker can do so and thus steal another users messages. The term stealing ts this scenario, because the victim is not able to retrieve the messages from the server once the attacker has done so. 2500 2000 1500 1000 500 0 6 Conclusion Number Ranges Figure 10. Distribution of phone numbers in area code 619 that are registered with WhatsApp. limit their visibility. 5.6 Other Vulnerabilities WhatsApp An additional feature of WhatsApp is the possibility to set a status message, similar to instant messaging clients like Skype, that can be read by the users contacts. Changing this status message does not require any authentication. In fact, everyone can change anyone elses status message by sending an HTTPS request to https://s.whatsapp.net/client/iphone/u.php? cc=<country code>&me=<phone number> &s=<status message>. WowTalk Like WhatsApp, WowTalk offers the feature of setting a status message. A user can change the status message for an arbitrary user by issuing a POST-request to https://sip.wowtalk.org/wowtalk_srv.php containing action=user_status_update&username=<user id> &status=<New Status> Voypi We were able to identify two other vulnerabilities in Voypi. It is possible to request Voypi users in the address book of other users. To this end, a simple HTTP request with the phone number of the victim is sent to the server: http://msg.voypi.com/myphone_v1/getusers.php? phone=<phone number>&version=1.2 No further authentication is required to perform this query. The server responds with the subset of Voypi users from the victims address book containing names and phone numbers. The second vulnerability allows an attacker to request messages of other users without authentication. The Voypi client has to be running in order to be able to receive messages. 
When active, Voypi pulls new messages in an interval of seven seconds from the server: In this paper, we assessed nine mobile messaging and VoIP applications for smartphones. Our evaluation showed that many applications have broken authentication mechanisms and thus are vulnerable to account hijacking attacks. Most applications also suffer from other vulnerabilities such as account enumeration. We practically demonstrated an attackers capability to enumerate any number of active WhatsApp accounts with a given area code (US area code 619 in our example, which corresponds to Southern San Diego, CA). All identied aws stem from well-known software design and implementation errors. Although these vulnerabilities may not endanger human lives, they might have a severe impact on the privacy of millions of users. Future work might include security assessments of upcoming solutions slated for mass adoption such as Apples iMessage. Furthermore, research towards an authentication scheme suitable as a best practice template for newly developed applications would be a welcome addition. 7 Acknowledgements This work has been supported by the Austrian Research Promotion Agency under grant 824709 (Kiras) and the Austrian COMET Program (FFG). References [1] M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti, and C. Kruegel. Abusing social networks for automated user proling. In Recent Advances in Intrusion Detection: 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010, Proceedings, volume 6307, page 422. Springer-Verlag New York Inc, 2010. [2] M. Bishop. Computer Security: Art and Science. AddisonWesley, 2002. [3] L. Davi, A. Dmitrienko, A. Sadeghi, and M. Winandy. Privilege escalation attacks on android. Information Security, pages 346360, 2011. [4] W. Dife and M. Hellman. New directions in cryptography. Information Theory, IEEE Transactions on, 22(6):644654, 1976. [5] M. Egele, C. Kruegel, E. Kirda, and G. Vigna. 
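The flaw shared by the status-update and message-pull endpoints described in Section 5.6 is that the phone number serves as both the account identifier and the only credential. The following is an added illustration, not code from the paper or from any of the applications it analyses: a constructed in-memory backend (hypothetical class and method names, constructed phone numbers) that models the weak design next to a hardened one which issues a random per-device secret once at registration and requires it on every later request.

```python
import hmac
import secrets

# Added illustration, not code from the paper or from any application it
# analyses: a constructed in-memory backend for a phone-number-based
# messenger. require_auth=False models the weak design the paper reports.

class MessagingBackend:
    def __init__(self, require_auth):
        self.require_auth = require_auth
        self.tokens = {}  # phone -> per-device secret issued at registration
        self.status = {}  # phone -> status message
        self.inbox = {}   # phone -> messages not yet pulled by the device

    def register(self, phone):
        """Run once after SMS verification of `phone` succeeded. The random
        secret returned here is what binds this device to the number."""
        token = secrets.token_hex(16)
        self.tokens[phone] = token
        return token

    def _authorized(self, phone, token):
        if not self.require_auth:
            return True  # weak: anyone who names the number is "the user"
        expected = self.tokens.get(phone)
        if expected is None or token is None:
            return False
        return hmac.compare_digest(expected, token)  # constant-time compare

    def update_status(self, phone, new_status, token=None):
        """Counterpart of the WhatsApp/WowTalk status endpoints."""
        if not self._authorized(phone, token):
            return False
        self.status[phone] = new_status
        return True

    def pull_messages(self, phone, token=None):
        """Counterpart of Voypi's polling endpoint: pending messages are
        handed out and removed, so whoever pulls first keeps them."""
        if not self._authorized(phone, token):
            return None
        pending, self.inbox[phone] = self.inbox.get(phone, []), []
        return pending

    def deliver(self, phone, text):
        self.inbox.setdefault(phone, []).append(text)


def demo():
    """Replays the message-stealing scenario against both designs.
    Phone numbers are constructed sample values."""
    victim, other = "+16195550100", "+16195550199"
    weak = MessagingBackend(require_auth=False)
    weak.register(victim)
    weak.deliver(victim, "meet at 5")
    taken = weak.pull_messages(victim)           # pulled by a third party
    hard = MessagingBackend(require_auth=True)
    victim_token, other_token = hard.register(victim), hard.register(other)
    hard.deliver(victim, "meet at 5")
    return {
        "weak_taken_by_third_party": taken,                    # ['meet at 5']
        "weak_left_for_victim": weak.pull_messages(victim),    # []
        "hard_without_token": hard.pull_messages(victim),      # None
        "hard_with_other_token": hard.pull_messages(victim, other_token),  # None
        "hard_with_own_token": hard.pull_messages(victim, victim_token),   # ['meet at 5']
        "hard_status_without_token": hard.update_status(victim, "busy"),   # False
    }
```

In the hardened variant a request naming another subscriber's number is refused even when the caller holds a valid token for its own account, which is the property the phone-number-only design cannot provide.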