Data leakage between C/S communication: A case study on Android music app

Huanhuan Li; Qian Luo; Shubin Zhang; Haibin Zhang; Jiajia Liu

doi:10.1109/WCSP.2017.8170908

Data leakage between C/S communication: A case study on Android music app

Huanhuan Li, Qian Luo, Shubin Zhang, Haibin Zhang, Jiajia Liu

Xidian University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

As the rapid development of mobile communication technology, smartphones have become indispensable elements in our daily life. Particularly, the increasingly rich smartphone applications (apps) bring great convenience to people while the defects generated in app designing and coding may pose unexpected threats to users. In this paper, we focus on the issue of data leakage between the app client and server. By analyzing the vulnerabilities of client-to-server communication and eavesdropping on the session data, we implement spoofing attack on a popular music app client. Two experiments are introduced in details: downloading songs freely by means of bypassing the payment mechanism and deceiving user into installing malware. In addition, the countermeasures are also provided.

Original language	English
Title of host publication	2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1-6
Number of pages	6
ISBN (Electronic)	9781538620625
DOIs	https://doi.org/10.1109/WCSP.2017.8170908
State	Published - 7 Dec 2017
Externally published	Yes
Event	9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Nanjing, China Duration: 11 Oct 2017 → 13 Oct 2017

Publication series

Name	2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings
Volume	2017-January

Conference

Conference	9th International Conference on Wireless Communications and Signal Processing, WCSP 2017
Country/Territory	China
City	Nanjing
Period	11/10/17 → 13/10/17

Access to Document

10.1109/WCSP.2017.8170908

Cite this

Li, H., Luo, Q., Zhang, S., Zhang, H., & Liu, J. (2017). Data leakage between C/S communication: A case study on Android music app. In 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings (pp. 1-6). (2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings; Vol. 2017-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/WCSP.2017.8170908

Li, Huanhuan ; Luo, Qian ; Zhang, Shubin et al. / Data leakage between C/S communication : A case study on Android music app. 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 1-6 (2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings).

@inproceedings{6dd27a4891f54e16988b79ac718d76da,

title = "Data leakage between C/S communication: A case study on Android music app",

abstract = "As the rapid development of mobile communication technology, smartphones have become indispensable elements in our daily life. Particularly, the increasingly rich smartphone applications (apps) bring great convenience to people while the defects generated in app designing and coding may pose unexpected threats to users. In this paper, we focus on the issue of data leakage between the app client and server. By analyzing the vulnerabilities of client-to-server communication and eavesdropping on the session data, we implement spoofing attack on a popular music app client. Two experiments are introduced in details: downloading songs freely by means of bypassing the payment mechanism and deceiving user into installing malware. In addition, the countermeasures are also provided.",

author = "Huanhuan Li and Qian Luo and Shubin Zhang and Haibin Zhang and Jiajia Liu",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 ; Conference date: 11-10-2017 Through 13-10-2017",

year = "2017",

month = dec,

day = "7",

doi = "10.1109/WCSP.2017.8170908",

language = "英语",

series = "2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1--6",

booktitle = "2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings",

}

Li, H, Luo, Q, Zhang, S, Zhang, H & Liu, J 2017, Data leakage between C/S communication: A case study on Android music app. in 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings. 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings, vol. 2017-January, Institute of Electrical and Electronics Engineers Inc., pp. 1-6, 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017, Nanjing, China, 11/10/17. https://doi.org/10.1109/WCSP.2017.8170908

Data leakage between C/S communication: A case study on Android music app. / Li, Huanhuan; Luo, Qian; Zhang, Shubin et al.
2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2017. p. 1-6 (2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings; Vol. 2017-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Data leakage between C/S communication

T2 - 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017

AU - Li, Huanhuan

AU - Luo, Qian

AU - Zhang, Shubin

AU - Zhang, Haibin

AU - Liu, Jiajia

PY - 2017/12/7

Y1 - 2017/12/7

N2 - As the rapid development of mobile communication technology, smartphones have become indispensable elements in our daily life. Particularly, the increasingly rich smartphone applications (apps) bring great convenience to people while the defects generated in app designing and coding may pose unexpected threats to users. In this paper, we focus on the issue of data leakage between the app client and server. By analyzing the vulnerabilities of client-to-server communication and eavesdropping on the session data, we implement spoofing attack on a popular music app client. Two experiments are introduced in details: downloading songs freely by means of bypassing the payment mechanism and deceiving user into installing malware. In addition, the countermeasures are also provided.

AB - As the rapid development of mobile communication technology, smartphones have become indispensable elements in our daily life. Particularly, the increasingly rich smartphone applications (apps) bring great convenience to people while the defects generated in app designing and coding may pose unexpected threats to users. In this paper, we focus on the issue of data leakage between the app client and server. By analyzing the vulnerabilities of client-to-server communication and eavesdropping on the session data, we implement spoofing attack on a popular music app client. Two experiments are introduced in details: downloading songs freely by means of bypassing the payment mechanism and deceiving user into installing malware. In addition, the countermeasures are also provided.

UR - http://www.scopus.com/inward/record.url?scp=85046365132&partnerID=8YFLogxK

U2 - 10.1109/WCSP.2017.8170908

DO - 10.1109/WCSP.2017.8170908

M3 - 会议稿件

AN - SCOPUS:85046365132

T3 - 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings

SP - 1

EP - 6

BT - 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 11 October 2017 through 13 October 2017

ER -

Li H, Luo Q, Zhang S, Zhang H, Liu J. Data leakage between C/S communication: A case study on Android music app. In 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2017. p. 1-6. (2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings). doi: 10.1109/WCSP.2017.8170908

Data leakage between C/S communication: A case study on Android music app

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this