Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (6): 137-151. doi: 10.11959/j.issn.2096-109x.2020081

• Papers •

Issues of identity verification of typical applications over mobile terminal platform

Xiaolin ZHANG¹,², Dawu GU¹,², Chi ZHANG¹

  1. School of Electronic Information and Electrical Engineering, Shanghai Jiaotong University, Shanghai 200240, China
  2. School of Cyber Engineering, Xidian University, Xi’an 710126, China
  • Revised: 2020-07-03 Online: 2020-12-15 Published: 2020-12-16
  • Supported by:
    Security Protection Technology of Embedded Components and Control Units in Power System Terminal (2019GW-12)

Abstract:

Recent studies have shown that attacks against USIM cards are increasing, and that an attacker can use a cloned USIM card to bypass the identity verification process in some applications and thereby gain unauthorized access. Considering that USIM cards can be cloned easily even under 5G networks, the identity verification process of popular applications on mobile platforms was analyzed. Application behaviors were profiled while users were logging in, resetting passwords, and performing sensitive operations, and from this a tree model of application authentication was summarized. On this basis, 58 popular applications in 7 categories, including social communication, healthcare, etc., were tested. The tests found that 29 of them need only SMS verification codes to authenticate the user and obtain permissions. To address this issue, two-step authentication was suggested, and USIM anti-counterfeiting was applied to assist the authentication process.

Key words: mobile application, USIM cloning, SMS, authentication, mobile app testing
