Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps
School of Information Technology and Mathematical Sciences, University of South Australia, Australia.
Faculty of Computer Science, University of New Brunswick, Fredericton, NB, Canada.
School of Information Technology and Mathematical Sciences, University of South Australia, Australia.ORCID iD: 0000-0001-9208-5336
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.ORCID iD: 0000-0003-1902-9877
Number of Authors: 42017 (English)In: Applied Mathematics and Computation, ISSN 0096-3003, E-ISSN 1873-5649, Vol. 293, p. 523-544Article in journal (Refereed) Published
Abstract [en]

With the increased convergence of technologies whereby a user can access, store and transmit data across different devices in real-time, risks will arise from factors such as lack of appropriate security measures in place and users not having requisite levels of security awareness and not fully understanding how security measures can be used to their advantage. In this paper, we adapt our previously published adversary model for digital rights management (DRM) apps and demonstrate how it can be used to detect vulnerable iOS devices and to analyse (non-DRM) apps for vulnerabilities that can potentially be exploited. Using our adversary model, we investigate several (jailbroken and non-jailbroken) iOS devices, Australian Government Medicare Expert Plus (MEP) app, Commonwealth Bank of Australia app, Western Union app, PayPal app, PocketCloud Remote Desktop app and Simple Transfer Pro app, and reveal previously unknown vulnerabilities. We then demonstrate how the identified vulnerabilities can be exploited to expose the user's sensitive data and personally identifiable information stored on or transmitted from the device. We conclude with several recommendations to enhance the security and privacy of user data stored on or transmitted from these devices.

Place, publisher, year, edition, pages
Elsevier, 2017. Vol. 293, p. 523-544
National Category
Computer Engineering
Research subject
Pervasive Mobile Computing
Identifiers
URN: urn:nbn:se:ltu:diva-366DOI: 10.1016/j.amc.2016.08.051ISI: 000385334800042Scopus ID: 2-s2.0-84986550725OAI: oai:DiVA.org:ltu-366DiVA, id: diva2:975073
Note

Validerad; 2016; Nivå 2; 2016-09-28 (kribac)

Available from: 2016-09-28 Created: 2016-09-28 Last updated: 2018-09-13Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records BETA

Choo, Kim Kwang RaymondVasilakos, Athanasios

Search in DiVA

By author/editor
Choo, Kim Kwang RaymondVasilakos, Athanasios
By organisation
Computer Science
In the same journal
Applied Mathematics and Computation
Computer Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 415 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf