I've Got Your Number: - Harvesting Users' Personal Data via Contacts Sync for the KakaoTalk Messenger
نویسندگان
چکیده
Instant messaging (IM) is increasingly popular among not only Internet but also smartphone users. In this paper, we analyze the security issue of an IM application, KakaoTalk, which is the most widely used in South Korea, with a focus on automated friends registration based on contacts sync. We demonstrate that there are multiple ways of collecting victims’ personal information such as their names, phone numbers and photos, which can be potentially misused for a variety of cyber criminal activities. Our experimental results show that a user’s personal data can be obtained automatically (0.26 seconds on average), and a large portion of KakaoTalk users (around 73%) uses their real names as display names. Finally, we suggest reasonable countermeasures to mitigate the discovered attacks, which have been confirmed and patched by the developers.
منابع مشابه
Design and analysis of enumeration attacks on finding friends with phone numbers: A case study with KakaoTalk
Users' phone numbers are popularly used for finding friends in instant messaging (IM) services. In this paper, we present a new security concern about this search feature through a case study with KakaoTalk which is the most widely used IM in Korea. We demonstrate that there are multiple ways of collecting victims' personal information such as their (display) names, phone numbers and photos, wh...
متن کاملEncryption is Not Enough: Inferring User Activities on KakaoTalk with Traffic Analysis
Many people started being concerned about their privacy in delivering private chats, photographs, contacts and other personal information through mobile instant messaging services. Fortunately, in the majority of mobile instant messaging services, encrypted communication channels (e.g., using the SSL/TLS protocols) are used by default to protect delivered messages against eavesdropping attacks....
متن کاملI've got a little list.
Give us 5 minutes and we will show you the best book to read today. This is it, the ive got a little list that will be your best choice for better reading book. Your five times will not spend wasted by reading this website. You can take the book as a source to make better concept. Referring the books that can be situated with your needs is sometime difficult. But here, this is so easy. You can ...
متن کاملA Decentralized Optimization Framework for Energy Harvesting Devices
Designing decentralized policies for wireless communication networks is a crucial problem, which has only been partially solved in the literature so far. In this paper, we propose the Decentralized Markov Decision Process (Dec-MDP) framework to analyze a wireless sensor network with multiple users which access a common wireless channel. We consider devices with energy harvesting capabilities, s...
متن کاملForensics Analysis of Android Mobile VoIP Apps
Voice over Internet Protocol (VoIP) applications (apps) provide convenient and low cost means for users to communicate and share information with each other in real-time. Day by day, the popularity of such apps is increasing, and people produce and share a huge amount of data, including their personal and sensitive information. This might lead to several privacy issues, such as revealing user c...
متن کامل