IEEE Consumer Electronics Magazine - May 2018 - 55

We demonstrated such an attack's feasibility through case
studies involving two Android applications (Starbucks and
MOCI) by analyzing the resource changes after using the
automatic login option. In those applications, we can simply
perform a user credential cloning attack by replacing some
files in a user's device with those in another user; repacking
and installing the application was not required. Furthermore,
we discussed five possible defense strategies to mitigate such
user credential cloning attacks.
In future work, we plan to investigate the feasibility of
user credential cloning attacks on a large sample of Android
applications. In addition, we contemplate developing a fully
automated implementation of user credential cloning attacks
for cracking most Android applications.

ACKNOWLEDGMENTS
This work was supported by the Defense Acquisition Program
Administration and the Agency for Defense Development under
the grant UD060048AD. We would like to thank all of the
anonymous reviewers for their valuable feedback.

ABOUT THE AUTHORS
Junsung Cho (js.cho@skku.edu) earned his B.S. degree from
the Department of Computer Engineering, Korea University
of Technology and Education, Chun-an, South Korea, in
2014. He is currently a graduate student with the Department
of Computer Science and Engineering, Sungkyunkwan University, Suwon, South Korea, supervised by Hyoungshick
Kim. His current research interests include usable security,
mobile security, and security engineering.
Dayeon Kim (dykim7796@skku.edu) earned her B.S.
degree from the Department of Computer Engineering, Korea
University of Technology and Education, Chun-an, South
Korea, in 2015. She is currently a graduate student with the
Department of Computer Science and Engineering, Sungkyunkwan University, Suwon, South Korea, supervised by
Dong Ryul Shin. Her current research interests include computer networks, mobile security, and data mining.
Hyoungshick Kim (hyoung@skku.edu) earned his B.S.
degree from the Department of Information Engineering,
Sungkyunkwan University, Suwon, South Korea; his M.S.
degree from the Department of Computer Science, Korea
Advanced Institute of Science and Technology, Daejeon,
South Korea; and his Ph.D. degree from the Computer Laboratory, Cambridge University, United Kingdom, in 1999,
2001, and 2012, respectively. He is currently an assistant professor with the Department of Software, Sungkyunkwan University. His current research interests include usable security
and security engineering.

REFERENCES
[1] D. Endler, "The evolution of cross site scripting attacks," iDEFENSE
Labs, Chantilly, VA, Tech. Rep., 2002.
[2] E. von Zezschwitz, A. De Luca, and H. Hussmann, "Honey, I shrunk
the keys: Influences of mobile devices on password composition and
authentication performance," in Proc. 8th Nordic Conf. Human-Computer Interaction: Fun, Fast, Foundational, 2014, pp. 461-470.

[3] D. DeFigueiredo, "The case for mobile two-factor authentication,"
IEEE Security Privacy, vol. 9, no. 5, pp. 81-85, 2011.
[4] S. Grzonkowski, A. Mosquera, L. Aouad, and D. Morss, "Smartphone security: An overview of emerging threats," IEEE Consum. Electron. Mag., vol. 3, no. 4, pp. 40-44, 2014.
[5] W. Zhou, Y. Zhou, X. Jiang, and P. Ning, "Detecting repackaged smartphone applications in third-party Android marketplaces," in Proc. 2nd ACM
Conf. Data and Application Security and Privacy, 2012, pp. 317-326.
[6] M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang, "Riskranker: Scalable and accurate zero-day Android malware detection," in Proc. 10th Int.
Conf. Mobile Systems, Applications, and Services, 2012, pp. 281-294.
[7] Infosecurity Group. (2011, Mar. 10). 260,000 Android users infected
with malware. [Online]. Available: https://www.infosecurity-magazine
.com/news/260000-android-users-infected-with-malware/
[8] Android. (2017, Mar.). Android security 2016 year in review.
[Online]. Available: https://source.android.com/security/reports/Google_
Android_Security_2016_Report_Final.pdf
[9] H. Zhang, D. She, and Z. Qian, "Android root and its providers: A
double-edged sword," in Proc. 22nd ACM SIGSAC Conf. Computer and
Communications Security, 2015, pp. 1093-1104.
[10] F. Howarth. (2015, Oct. 12). Is rooting your phone safe? The security risks of rooting devices. Insights. [Online]. Available: https://insights
.samsung.com/2015/10/12/is-rooting-your-phone-safe-the-security-risksof-rooting-devices
[11] A. Boxall. (2015, Apr. 16). 80% of Android phone owners in China
have rooted their device. Business of Apps. [Online]. Available: http://
www.businessofapps.com/80-android-phone-owners-china-rooted-device
[12] Android Developers. Storage Options. [Online]. Available: http://
developer.android.com/guide/topics/data/data-storage.html
[13] C. Linn and S. Debray, "Obfuscation of executable code to improve
resistance to static disassembly," in Proc. 10th ACM Conf. Computer and
Communications Security, 2003, pp. 290-299.
[14] M. N. Gagnon, S. Taylor, and A. K. Ghosh, "Software protection
through anti-debugging," IEEE Security Privacy, vol. 5, no. 3, pp. 82-84,
2007.
[15] S. Schrittwieser and S. Katzenbeisser, "Code obfuscation against
static and dynamic reverse engineering," in Proc. 13th Int. Conf. Information Hiding, 2011, pp. 270-284.
[16] S. Sun, A. Cuadros, and K. Beznosov, "Android rooting: Methods,
detection, and evasion," in Proc. 5th Workshop Security and Privacy
Smartphones and Mobile Devices, 2015, pp. 3-14.
[17] S. Gaw and E. W. Felten, "Password management strategies for
online accounts," in Proc. 2nd Symp. Usable Privacy and Security, 2006,
pp. 44-55.
[18] W. Enck, M. Ongtang, and P. McDaniel, "Understanding Android
security," IEEE Security Privacy, vol. 7, no. 1, pp. 50-57, 2009.
[19] W. Song, H. Choi, J. Kim, E. Kim, Y. Kim, and J. Kim, "Pikit: A
new kernel-independent processor-interconnect rootkit," in Proc. 25th
USENIX Security Symp., 2016, pp. 37-51.
[20] ARM Security Technology, "Building a secure system using TrustZone technology," ARM, Cambridge, England, Tech. Rep. PRD29GENC-009492C, 2009.
[21] D. Challener, K. Yoder, R. Catherman, D. Safford, and L. Van
Doorn, A Practical Guide to Trusted Computing. Indianapolis, IN: IBM
Press, 2007.
[22] Open Web Application Security Project. (2016, Mar. 31). Mobile
top 10 2014-M2. [Online]. Available: https://www.owasp.org/index.php/
Mobile_ Top_ 10_ 2014-M2
[23] J. King, "Android application security with OWASP mobile top 10
2014," Master's thesis, Lulea Univ. Technology, Sweden, 2014.
[24] J. Choi, H. Cho, and J. H. Yi, "Personal information leaks with automatic login in mobile social network services," Entropy, vol. 17, no. 6,
pp. 3947-3962, 2015.
[25] S. Park, C. Seo, and J. H. Yi, "Cyber threats to mobile messenger
apps from identity cloning," Intell. Automation Soft Comput., vol. 22,
no. 3, pp. 379-387, 2015.

MAy 2018

^

IEEE Consumer Electronics Magazine

55



https://www.infosecurity-magazine.com/news/260000-android-users-infected-with-malware/ https://www.infosecurity-magazine.com/news/260000-android-users-infected-with-malware/ https://source.android.com/security/reports/Google_Android_Security_2016_Report_Final.pdf https://source.android.com/security/reports/Google_Android_Security_2016_Report_Final.pdf https://insights.samsung.com/2015/10/12/is-rooting-your-phone-safe-the-security-risks-of-rooting-devices https://insights.samsung.com/2015/10/12/is-rooting-your-phone-safe-the-security-risks-of-rooting-devices http://www.businessofapps.com/80-android-phone-owners-china-rooted-device http://www.businessofapps.com/80-android-phone-owners-china-rooted-device http://developer.android.com/guide/topics/data/data-storage.html http://developer.android.com/guide/topics/data/data-storage.html https://www.owasp.org/index.php/Mobile_ Top_ 10_ 2014-M2 https://www.owasp.org/index.php/Mobile_ Top_ 10_ 2014-M2

Table of Contents for the Digital Edition of IEEE Consumer Electronics Magazine - May 2018

IEEE Consumer Electronics Magazine - May 2018 - Cover1
IEEE Consumer Electronics Magazine - May 2018 - Cover2
IEEE Consumer Electronics Magazine - May 2018 - 1
IEEE Consumer Electronics Magazine - May 2018 - 2
IEEE Consumer Electronics Magazine - May 2018 - 3
IEEE Consumer Electronics Magazine - May 2018 - 4
IEEE Consumer Electronics Magazine - May 2018 - 5
IEEE Consumer Electronics Magazine - May 2018 - 6
IEEE Consumer Electronics Magazine - May 2018 - 7
IEEE Consumer Electronics Magazine - May 2018 - 8
IEEE Consumer Electronics Magazine - May 2018 - 9
IEEE Consumer Electronics Magazine - May 2018 - 10
IEEE Consumer Electronics Magazine - May 2018 - 11
IEEE Consumer Electronics Magazine - May 2018 - 12
IEEE Consumer Electronics Magazine - May 2018 - 13
IEEE Consumer Electronics Magazine - May 2018 - 14
IEEE Consumer Electronics Magazine - May 2018 - 15
IEEE Consumer Electronics Magazine - May 2018 - 16
IEEE Consumer Electronics Magazine - May 2018 - 17
IEEE Consumer Electronics Magazine - May 2018 - 18
IEEE Consumer Electronics Magazine - May 2018 - 19
IEEE Consumer Electronics Magazine - May 2018 - 20
IEEE Consumer Electronics Magazine - May 2018 - 21
IEEE Consumer Electronics Magazine - May 2018 - 22
IEEE Consumer Electronics Magazine - May 2018 - 23
IEEE Consumer Electronics Magazine - May 2018 - 24
IEEE Consumer Electronics Magazine - May 2018 - 25
IEEE Consumer Electronics Magazine - May 2018 - 26
IEEE Consumer Electronics Magazine - May 2018 - 27
IEEE Consumer Electronics Magazine - May 2018 - 28
IEEE Consumer Electronics Magazine - May 2018 - 29
IEEE Consumer Electronics Magazine - May 2018 - 30
IEEE Consumer Electronics Magazine - May 2018 - 31
IEEE Consumer Electronics Magazine - May 2018 - 32
IEEE Consumer Electronics Magazine - May 2018 - 33
IEEE Consumer Electronics Magazine - May 2018 - 34
IEEE Consumer Electronics Magazine - May 2018 - 35
IEEE Consumer Electronics Magazine - May 2018 - 36
IEEE Consumer Electronics Magazine - May 2018 - 37
IEEE Consumer Electronics Magazine - May 2018 - 38
IEEE Consumer Electronics Magazine - May 2018 - 39
IEEE Consumer Electronics Magazine - May 2018 - 40
IEEE Consumer Electronics Magazine - May 2018 - 41
IEEE Consumer Electronics Magazine - May 2018 - 42
IEEE Consumer Electronics Magazine - May 2018 - 43
IEEE Consumer Electronics Magazine - May 2018 - 44
IEEE Consumer Electronics Magazine - May 2018 - 45
IEEE Consumer Electronics Magazine - May 2018 - 46
IEEE Consumer Electronics Magazine - May 2018 - 47
IEEE Consumer Electronics Magazine - May 2018 - 48
IEEE Consumer Electronics Magazine - May 2018 - 49
IEEE Consumer Electronics Magazine - May 2018 - 50
IEEE Consumer Electronics Magazine - May 2018 - 51
IEEE Consumer Electronics Magazine - May 2018 - 52
IEEE Consumer Electronics Magazine - May 2018 - 53
IEEE Consumer Electronics Magazine - May 2018 - 54
IEEE Consumer Electronics Magazine - May 2018 - 55
IEEE Consumer Electronics Magazine - May 2018 - 56
IEEE Consumer Electronics Magazine - May 2018 - 57
IEEE Consumer Electronics Magazine - May 2018 - 58
IEEE Consumer Electronics Magazine - May 2018 - 59
IEEE Consumer Electronics Magazine - May 2018 - 60
IEEE Consumer Electronics Magazine - May 2018 - 61
IEEE Consumer Electronics Magazine - May 2018 - 62
IEEE Consumer Electronics Magazine - May 2018 - 63
IEEE Consumer Electronics Magazine - May 2018 - 64
IEEE Consumer Electronics Magazine - May 2018 - 65
IEEE Consumer Electronics Magazine - May 2018 - 66
IEEE Consumer Electronics Magazine - May 2018 - 67
IEEE Consumer Electronics Magazine - May 2018 - 68
IEEE Consumer Electronics Magazine - May 2018 - 69
IEEE Consumer Electronics Magazine - May 2018 - 70
IEEE Consumer Electronics Magazine - May 2018 - 71
IEEE Consumer Electronics Magazine - May 2018 - 72
IEEE Consumer Electronics Magazine - May 2018 - 73
IEEE Consumer Electronics Magazine - May 2018 - 74
IEEE Consumer Electronics Magazine - May 2018 - 75
IEEE Consumer Electronics Magazine - May 2018 - 76
IEEE Consumer Electronics Magazine - May 2018 - 77
IEEE Consumer Electronics Magazine - May 2018 - 78
IEEE Consumer Electronics Magazine - May 2018 - 79
IEEE Consumer Electronics Magazine - May 2018 - 80
IEEE Consumer Electronics Magazine - May 2018 - 81
IEEE Consumer Electronics Magazine - May 2018 - 82
IEEE Consumer Electronics Magazine - May 2018 - 83
IEEE Consumer Electronics Magazine - May 2018 - 84
IEEE Consumer Electronics Magazine - May 2018 - 85
IEEE Consumer Electronics Magazine - May 2018 - 86
IEEE Consumer Electronics Magazine - May 2018 - 87
IEEE Consumer Electronics Magazine - May 2018 - 88
IEEE Consumer Electronics Magazine - May 2018 - 89
IEEE Consumer Electronics Magazine - May 2018 - 90
IEEE Consumer Electronics Magazine - May 2018 - 91
IEEE Consumer Electronics Magazine - May 2018 - 92
IEEE Consumer Electronics Magazine - May 2018 - 93
IEEE Consumer Electronics Magazine - May 2018 - 94
IEEE Consumer Electronics Magazine - May 2018 - 95
IEEE Consumer Electronics Magazine - May 2018 - 96
IEEE Consumer Electronics Magazine - May 2018 - 97
IEEE Consumer Electronics Magazine - May 2018 - 98
IEEE Consumer Electronics Magazine - May 2018 - 99
IEEE Consumer Electronics Magazine - May 2018 - 100
IEEE Consumer Electronics Magazine - May 2018 - 101
IEEE Consumer Electronics Magazine - May 2018 - 102
IEEE Consumer Electronics Magazine - May 2018 - 103
IEEE Consumer Electronics Magazine - May 2018 - 104
IEEE Consumer Electronics Magazine - May 2018 - 105
IEEE Consumer Electronics Magazine - May 2018 - 106
IEEE Consumer Electronics Magazine - May 2018 - 107
IEEE Consumer Electronics Magazine - May 2018 - 108
IEEE Consumer Electronics Magazine - May 2018 - 109
IEEE Consumer Electronics Magazine - May 2018 - 110
IEEE Consumer Electronics Magazine - May 2018 - 111
IEEE Consumer Electronics Magazine - May 2018 - 112
IEEE Consumer Electronics Magazine - May 2018 - 113
IEEE Consumer Electronics Magazine - May 2018 - 114
IEEE Consumer Electronics Magazine - May 2018 - 115
IEEE Consumer Electronics Magazine - May 2018 - 116
IEEE Consumer Electronics Magazine - May 2018 - 117
IEEE Consumer Electronics Magazine - May 2018 - 118
IEEE Consumer Electronics Magazine - May 2018 - 119
IEEE Consumer Electronics Magazine - May 2018 - 120
IEEE Consumer Electronics Magazine - May 2018 - Cover3
IEEE Consumer Electronics Magazine - May 2018 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20240102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20231112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20221112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20211112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202010
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202009
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202007
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202004
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202003
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202001
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201909
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201907
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201905
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201903
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201901
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201811
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201809
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201807
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201805
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201803
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2015
https://www.nxtbookmedia.com