What's new with WhatsApp & Co.? Revisiting the security of smartphone messaging applications

ACM International Conference Proceeding Series

Volumn 04-06-December-2014, Issue , 2014, Pages 142-151

  Mueller, Robin ^a   Schrittwieser, Sebastian ^b   Fruehwirt, Peter ^c   Kieseberg, Peter ^c   Weippl, Edgar ^c  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b St Poelten University of Applied Sciences   (Austria)

^c SBA RESEARCH   (Austria)

Author keywords

Mobile security; Smartphone messengers; SSL TLS

Indexed keywords

INFORMATION ANALYSIS; INFORMATION RETRIEVAL; INTERNET TELEPHONY; SECURITY OF DATA; SIGNAL ENCODING; SMARTPHONES; WEB SERVICES; WEBSITES; WORLD WIDE WEB;

ATTACK VECTOR; EVALUATION METHODS; IN-DEPTH ANALYSIS; MOBILE MESSAGING; NEW APPLICATIONS; ROBUST SECURITY; SSL/TLS; VOIP APPLICATIONS;

MOBILE SECURITY;

EID: 84985914774     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2684200.2684328     Document Type: Conference Paper

References (17)

1. M. Bishop. Computer Security: Art and Science. Addison-Wesley, 2002.
2. A. Braga. Integrated technologies for communication security on mobile devices. In MOBILITY 2013, The Third International Conference on Mobile Services, Resources, and Users, pages 47-51, 2013.
3. Y. Cheng, L. Ying, S. Jiao, P. Su, and D. Feng. Bind your phone number with caution: automated user profiling through address book matching on smartphone. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, pages 335-340. ACM, 2013.
4. L. Davi, A. Dmitrienko, A. Sadeghi, and M. Winandy. Privilege escalation attacks on android. Information Security, pages 346-360, 2011.
5. M. Egele, C. Kruegel, E. Kirda, and G. Vigna. Pios: Detecting privacy leaks in ios applications. In Network and Distributed System Security Symposium (NDSS), 2011.
6. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A study of android application security. In Proc. of the 20th USENIX Security Symposium, 2011.
7. W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security, pages 235-245. ACM, 2009.
8. A. Felt, H. Wang, A. Moshchuk, S. Hanna, E. Chin, K. Greenwood, D. Wagner, D. Song, M. Finifter, J. Weinberger, et al. Permission re-delegation: Attacks and defenses. In 20th Usenix Security Symposium, San Fansisco, CA, 2011.
9. K. Fu, E. Sit, K. Smith, and N. Feamster. Dos and Don'ts of Client Authentication on the Web. In Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, pages 19-19. USENIX Association, 2001.
10. J. Koum. 400 million stories. http://blog.whatsapp.com/index.php/2013/12/400-million-stories/, 2013. Accessed: 2014-08-04.
11. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems (TOCS), 10(4):265-310, 1992.
12. S. Millward. Line reveals latest user numbers in japan, thailand, taiwan, indonesia. http://www.techinasia.com/line-user-numbers-thailand-indonesia-japan-taiwan-august-2013/, 2013. Accessed: 2014-08-04.
13. S. Millward. Tencent: Wechat now has 271.9 million monthly active users around the world. http://www.techinasia.com/tencent-wechat-272-million-activer-users-q3-2013/, 2013. Accessed: 2014-08-04.
14. R. Paleari. A look at wechat security. http://blog.emaze.net/2013/09/a-look-at-wechat-security.html, 2013. Accessed: 2014-08-04.
15. S. Schrittwieser, P. Frühwirt, P. Kieseberg, M. Leithner, M. Mulazzani, M. Huber, and E. R. Weippl. Guess who's texting you? evaluating the security of smartphone messaging applications. In NDSS, 2012.
16. W. Stallings. Cryptography and network security: principles and practice. Prentice Hall Press, 2010.
17. P. Stirparo and I. Kounelis. The mobileak project: Forensics methodology for mobile application privacy assessment. In Internet Technology And Secured Transactions, 2012 International Conference for, pages 297-303. IEEE, 2012.