Abstract
Mobile applications only become really useful if combined with cloud-based services. We have observed that the increasingly short time to market may cause serious design flaws in the security architecture. In this talk I will highlight some flaws discovered in the past. For example, we looked at nine popular mobile messaging and VoIP applications and evaluated their security models with a focus on authentication mechanisms. We find that a majority of the examined applications use the user's phone number as a unique token to identify accounts; they contain vulnerabilities allowing attackers to hijack accounts, spoof sender-IDs or enumerate subscribers. Other examples pertain to (already fixed) problems in cloud-based storage services such as Dropbox.