TY - GEN
T1 - Data leakage between C/S communication
T2 - 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017
AU - Li, Huanhuan
AU - Luo, Qian
AU - Zhang, Shubin
AU - Zhang, Haibin
AU - Liu, Jiajia
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/12/7
Y1 - 2017/12/7
N2 - As the rapid development of mobile communication technology, smartphones have become indispensable elements in our daily life. Particularly, the increasingly rich smartphone applications (apps) bring great convenience to people while the defects generated in app designing and coding may pose unexpected threats to users. In this paper, we focus on the issue of data leakage between the app client and server. By analyzing the vulnerabilities of client-to-server communication and eavesdropping on the session data, we implement spoofing attack on a popular music app client. Two experiments are introduced in details: downloading songs freely by means of bypassing the payment mechanism and deceiving user into installing malware. In addition, the countermeasures are also provided.
AB - As the rapid development of mobile communication technology, smartphones have become indispensable elements in our daily life. Particularly, the increasingly rich smartphone applications (apps) bring great convenience to people while the defects generated in app designing and coding may pose unexpected threats to users. In this paper, we focus on the issue of data leakage between the app client and server. By analyzing the vulnerabilities of client-to-server communication and eavesdropping on the session data, we implement spoofing attack on a popular music app client. Two experiments are introduced in details: downloading songs freely by means of bypassing the payment mechanism and deceiving user into installing malware. In addition, the countermeasures are also provided.
UR - http://www.scopus.com/inward/record.url?scp=85046365132&partnerID=8YFLogxK
U2 - 10.1109/WCSP.2017.8170908
DO - 10.1109/WCSP.2017.8170908
M3 - 会议稿件
AN - SCOPUS:85046365132
T3 - 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings
SP - 1
EP - 6
BT - 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 11 October 2017 through 13 October 2017
ER -