Open Sesame! Web Authentication Cracking via Mobile App Analysis
Web authentication security can be undermined by flawed mobile web implementations. Mobile web implementations may use less secure transport channels and enforce less strict brute-force-proof measures, making web authentication services vulnerable to typical attacks such as password cracking. This paper presents an in-depth penetration test based on a comprehensive dynamic app analysis focusing on vulnerable authentication implementations of Android apps. An analysis of the Top 200 apps from China Android Market and the Top 100 apps from Google Play Market is conducted. The result shows that 71.3% of the apps we analyze fail to protect users' passwords appropriately. An experiment carried out among 20 volunteers indicates that 84.4% of passwords can be cracked with knowledge of the password transformation process.
Android apps; Web authentication; Password cracking
Hui Liu, Yuanyuan Zhang, Juanru Li, Hui Wang, Dawu Gu
Computer Science and Engineering Department, Shanghai Jiao Tong University, Shanghai, China
International conference
International Asia-Pacific Web Conference (the 18th International Asia-Pacific Web Conference)
Suzhou
English
483-487
2016-09-23 (date first made available online on the Wanfang platform; does not represent the paper's publication date)