A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps

D'Orazio, CJ; Lu, R; Choo, KKR; Vasilakos, AV

A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps

D'Orazio, CJ Lu, R Choo, KKR Vasilakos, AV

Permalink

Publisher:: Elsevier
Publication Type:: Journal Article
Citation:: Applied Mathematics and Computation, 2017, 293, pp. 523-544
Issue Date:: 2017-01-15

Closed Access

	Filename	Description	Size
	1-s2.0-S0096300316305549-main.pdf		3.88 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	D'Orazio, CJ
dc.contributor.author	Lu, R
dc.contributor.author	Choo, KKR
dc.contributor.author	Vasilakos, AV
dc.date.accessioned	2022-08-24T05:36:42Z
dc.date.available	2022-08-24T05:36:42Z
dc.date.issued	2017-01-15
dc.identifier.citation	Applied Mathematics and Computation, 2017, 293, pp. 523-544
dc.identifier.issn	0096-3003
dc.identifier.issn	1873-5649
dc.identifier.uri	http://hdl.handle.net/10453/160794
dc.description.abstract	With the increased convergence of technologies whereby a user can access, store and transmit data across different devices in real-time, risks will arise from factors such as lack of appropriate security measures in place and users not having requisite levels of security awareness and not fully understanding how security measures can be used to their advantage. In this paper, we adapt our previously published adversary model for digital rights management (DRM) apps and demonstrate how it can be used to detect vulnerable iOS devices and to analyse (non-DRM) apps for vulnerabilities that can potentially be exploited. Using our adversary model, we investigate several (jailbroken and non-jailbroken) iOS devices, Australian Government Medicare Expert Plus (MEP) app, Commonwealth Bank of Australia app, Western Union app, PayPal app, PocketCloud Remote Desktop app and Simple Transfer Pro app, and reveal previously unknown vulnerabilities. We then demonstrate how the identified vulnerabilities can be exploited to expose the user's sensitive data and personally identifiable information stored on or transmitted from the device. We conclude with several recommendations to enhance the security and privacy of user data stored on or transmitted from these devices.
dc.language	English
dc.publisher	Elsevier
dc.relation.ispartof	Applied Mathematics and Computation
dc.relation.isbasedon	10.1016/j.amc.2016.08.051
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0102 Applied Mathematics, 0103 Numerical and Computational Mathematics, 0802 Computation Theory and Mathematics
dc.subject.classification	Numerical & Computational Mathematics
dc.title	A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps
dc.type	Journal Article
utslib.citation.volume	293
utslib.for	0102 Applied Mathematics
utslib.for	0103 Numerical and Computational Mathematics
utslib.for	0802 Computation Theory and Mathematics
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
utslib.copyright.status	closed_access	*
pubs.consider-herdc	false
dc.date.updated	2022-08-24T05:36:40Z
pubs.publication-status	Published
pubs.volume	293

Abstract:

With the increased convergence of technologies whereby a user can access, store and transmit data across different devices in real-time, risks will arise from factors such as lack of appropriate security measures in place and users not having requisite levels of security awareness and not fully understanding how security measures can be used to their advantage. In this paper, we adapt our previously published adversary model for digital rights management (DRM) apps and demonstrate how it can be used to detect vulnerable iOS devices and to analyse (non-DRM) apps for vulnerabilities that can potentially be exploited. Using our adversary model, we investigate several (jailbroken and non-jailbroken) iOS devices, Australian Government Medicare Expert Plus (MEP) app, Commonwealth Bank of Australia app, Western Union app, PayPal app, PocketCloud Remote Desktop app and Simple Transfer Pro app, and reveal previously unknown vulnerabilities. We then demonstrate how the identified vulnerabilities can be exploited to expose the user's sensitive data and personally identifiable information stored on or transmitted from the device. We conclude with several recommendations to enhance the security and privacy of user data stored on or transmitted from these devices.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/160794