Logo des Repositoriums
 
Konferenzbeitrag

Using a whatsapp vulnerability for profiling individuals

Vorschaubild nicht verfügbar

Volltext URI

Dokumententyp

Text/Conference Paper

Dateien

140.pdf (579.74 KB)

Zusatzinformation

Datum

2014

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Open Identity Summit 2014

Verlag

Gesellschaft für Informatik e.V.

Zusammenfassung

This paper aims at raising awareness on the issue of using unfixed vulnerabilities for targeted attacks in order to harness private or even corporate information. We demonstrate an attack by using a well-known, yet not fixed whatsapp vulnerability, enabling us to eavesdrop the cell-phone number of a victim. We identified the concrete states, in which whatsapp leaks the cell-phone number of a victim. By using a volunteering individual, we demonstrate the feasibility of profiling the individual and provide further steps on how to disclose private and corporate information by using the leaked cell-phone number and the profiled information to introduce the adversary into a trust relationship with the victim. Once the victim trusts the adversary, social phishing can be used to retrieve further private or even corporate information.

Beschreibung

Kurowski, Sebastian (2014): Using a whatsapp vulnerability for profiling individuals. Open Identity Summit 2014. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-631-2. pp. 140-146. Stuttgart. 4.-6. November 2014

Schlagwörter

Zitierform

DOI

Tags

Sammlungen

P237 - Open Identity Summit 2014