Open Sesame! Web Authentication Cracking via Mobile App Analysis
Authors
Abstract
Web authentication security can be undermined by flawed mobile web implementations. Mobile web implementations may use a less secure transport channel and enforce less strict brute-force-proof measures, making web authentication services vulnerable to typical attacks such as password cracking. This paper presents in-depth penetration testing based on a comprehensive dynamic app analysis focusing on vulnerable authentication implementations in Android apps. An analysis of the Top 200 apps from the China Android Market and the Top 100 apps from the Google Play Market is conducted. The result shows that 71.3% of the apps we analyze fail to protect users' passwords appropriately. An experiment carried out among 20 volunteers indicates that 84.4% of passwords can be cracked with knowledge of the password transformation process.
Similar resources
A Comparison of ESLE Web-based English Vocabulary Learning Application with Traditional Desktop English Vocabulary Learning Application: Exceptional learner parents’ point of view
The aim of this study was to compare the Exceptional Student Learning English (ESLE) web application and traditional application and the evaluation of the ESLE app mainly from the exceptional student parents' perspective. To this end, five exceptional student parents with their exceptional children were selected among 30 parents in Isfahan in Isfahan province. Open-ended questionnaires were sen...
On the Security of an Improved Password Authentication Scheme Based on ECC
The design of secure remote user authentication schemes for mobile applications is still an open and quite challenging problem, though many schemes have been published lately. Recently, Islam and Biswas pointed out that Lin and Hwang et al.’s password-based authentication scheme is vulnerable to various attacks, and then presented an improved scheme based on elliptic curve cryptography (ECC) to...
Loxin - A solution to password-less universal login
As the easiest and cheapest way of authenticating an end user, password based authentication methods have been consistently chosen by almost every new cloud service. Unfortunately, the explosive growth of cloud services and web applications has made it impossible for users to manage dozens of passwords for accessing different cloud services. The situation is even worse considering the potential...
A Comprehensive Approach to Cryptographic and Biometric Authentication from a Mobile Perspective Patents Pending
Executive Summary User authentication on the Internet is widely acknowledged to be broken. Ordinary passwords have many vulnerabilities. Third-party login with a password adds a privacy problem while arguably making the security problem worse. Security questions are an invasion of privacy, and their answers can be easily discovered online. One-time passwords generated by a soft or hard token or ...
Loxin – A Universal Solution to Password-Free Login
As the easiest and cheapest way of authenticating an end user, the password-based approach has been consistently chosen by implementers of every new computer- or mobile-device-based web service. Unfortunately, the explosive growth of web applications has made it impossible for users to manage dozens of passwords for accessing different web services. The situation is even worse considering the potent...
Journal:
Volume / Issue:
Pages: -
Publication date: 2016