In the Internet of Things (IoT) era users want to be able to access their accounts on all their devices—e.g., laptops, smartphones, smart TVs, smartwatches, tablets, and so on—and a number of security and privacy concerns have to be addressed. In particular, passwords are widely used to protect sensitive data or to gain access to specific resources. Thus, they have to be stored safely and picked up easily. A possible solution to this issue is to adopt a password manager to remember and secure them. However, a bad user practice, i.e., rooting devices, might affect the security of installed apps. In this scenario, unintended data leakage flaws might exist. In order to detect such flaws, we analyze the top installed Android password managers running them on rooted devices. We will show that a simple malicious application might collect secret data, thus providing an access door into a specific network and all the information stored on it.
Exploiting a Bad User Practice to Retrieve Data Leakage on Android Password Managers / L. Casati, A. Visconti (ADVANCES IN INTELLIGENT SYSTEMS AND COMPUTING). - In: Innovative Mobile and Internet Services in Ubiquitous Computing / edited by L. Barolli, T. Enokido. - [s.l] : Springer, 2017. - ISBN 978-3-319-61541-7. - pp. 952-958 (Paper presented at the 11th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, held in Turin in 2017) [10.1007/978-3-319-61542-4_96].
Exploiting a Bad User Practice to Retrieve Data Leakage on Android Password Managers
A. Visconti (last author)
2017
File | Access | Type | Size | Format |
---|---|---|---|---|
Casati_Visconti_IMIS2017_2Colonne.pdf | Restricted access | Pre-print (manuscript submitted to the publisher) | 144.65 kB | Adobe PDF |