Abstract
Users' phone numbers are popularly used for finding friends in instant messaging (IM) services. In this paper, we present a new security concern about this search feature through a case study with KakaoTalk which is the most widely used IM in Korea. We demonstrate that there are multiple ways of collecting victims' personal information such as their (display) names, phone numbers and photos, which can be potentially misused for a variety of cyber–criminal activities. Our experimental results show that a user's personal data can be obtained automatically (0.26 s on average). The results also indicate that a large portion of KakaoTalk users (72.8%) have used real or real-like names in their profiles, which means that our discovered enumeration attacks seem to be practically dangerous. To mitigate these attacks, we present three countermeasures including a misuse detection system that can discover abnormal application activities within a certain time-window.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
