Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications

19th Annual Network and Distributed System Security Symposium, NDSS 2012

Volumn , Issue , 2012, Pages

  Schrittwieser, Sebastian ^a   Frühwirt, Peter ^a   Kieseberg, Peter ^a   Leithner, Manuel ^a   Mulazzani, Martin ^a   Huber, Markus ^a   Weippl, Edgar ^a  

^a SBA Research GGmbH   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

INTERNET TELEPHONY; MOBILE SECURITY; TEXT MESSAGING; VOICE/DATA COMMUNICATION SYSTEMS;

CELLULAR NETWORK; COMMUNICATION METHOD; INTERNET BASED; MOBILE MESSAGING; MOBILE VOIP; NETWORK CARRIERS; SMART PHONES; TEXTING; VOICE CALLS; VOIP APPLICATIONS;

SMARTPHONES;

EID: 85030411408     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (19)

1. M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti, and C. Kruegel. Abusing social networks for automated user profiling. In Recent Advances in Intrusion Detection: 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010, Proceedings, volume 6307, page 422. Springer-Verlag New York Inc, 2010.
2. M. Bishop. Computer Security: Art and Science. Addison-Wesley, 2002.
3. L. Davi, A. Dmitrienko, A. Sadeghi, and M. Winandy. Privilege escalation attacks on android. Information Security, pages 346-360, 2011.
4. W. Diffie and M. Hellman. New directions in cryptography. Information Theory, IEEE Transactions on, 22(6):644-654, 1976.
5. M. Egele, C. Kruegel, E. Kirda, and G. Vigna. Pios: Detecting privacy leaks in ios applications. In Network and Distributed System Security Symposium (NDSS), 2011.
6. W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, pages 1-6. USENIX Association, 2010.
7. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri. A study of android application security. In Proc. of the 20th USENIX Security Symposium, 2011.
8. W. Enck, M. Ongtang, and P. McDaniel. On lightweight mobile phone application certification. In Proceedings of the 16th ACM conference on Computer and communications security, pages 235-245. ACM, 2009.
9. W. Enck, M. Ongtang, and P. McDaniel. Understanding Android Security. Security & Privacy, IEEE, 7(1):50-57, 2009.
10. A. Felt, H. Wang, A. Moshchuk, S. Hanna, E. Chin, K. Greenwood, D. Wagner, D. Song, M. Finifter, J. Weinberger, et al. Permission re-delegation: Attacks and defenses. In 20th Usenix Security Symposium, San Fansisco, CA, 2011.
11. K. Fu, E. Sit, K. Smith, and N. Feamster. Dos and Don'ts of Client Authentication on the Web. In Proceedings of the 10th conference on USENIX Security Symposium-Volume 10, pages 19-19. USENIX Association, 2001.
12. Intrepidus Group. Intrepidus group, 2011. [Online; retrieved Aug 21st, 2011], http://intrepidusgroup.com/insight/2011/08/dropbox-for-android-vulnerability-breakdown/.
13. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems (TOCS), 10(4):265-310, 1992.
14. M. Marlinspike. Website of sslsniff tool, 2011. [Online; retrieved Jun 21st, 2011], Online at http://www. thoughtcrime.org/software/sslsniff.
15. B. Neuman and T. Ts'o. Kerberos: An authentication service for computer networks. Communications Magazine, IEEE, 32(9):33-38, 1994.
16. W. Stallings. Cryptography and network security: principles and practice. Prentice Hall Press, 2010.
17. Whisper Systems. Whisper systems, 2011. [Online; retrieved Aug 21st, 2011], http://www.whispersys. com/.
18. A. Whitten and J. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, pages 169-184, 1999.
19. XMPP Foundation. XMPP Standard, 2011. [Online; retrieved Jun 21st, 2011], http://xmpp.org/l.