Detailed Information
Cited 2 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
I’ve got your number: Harvesting users’ personal data via contacts sync for the Kakaotalk messenger
- Issue Date
- 2015
- Publisher
- Springer Verlag
- Keywords
- Automated friends registration; Contacts sync; Enumeration attack; Information leakage; KakaoTalk; Privacy; Security; Smartphone
- Citation
- Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), v.8909, pp.55 - 67
- Indexed
- SCOPUS
- Volume
- 8909
- Start Page
- 55
- End Page
- 67
- ISSN
- 0302-9743
- Abstract
- Instant messaging (IM) is increasingly popular among not only Internet but also smartphone users. In this paper, we analyze the security issue of an IM application, KakaoTalk, which is the most widely used in South Korea, with a focus on automated friends registration based on contacts sync. We demonstrate that there are multiple ways of collecting victims’ personal information such as their names, phone numbers and photos, which can be potentially misused for a variety of cyber criminal activities. Our experimental results show that a user’s personal data can be obtained automatically (0.26 s on average), and a large portion of KakaoTalk users (around 73%) uses their real names as display names. Finally, we suggest reasonable countermeasures to mitigate the discovered attacks, which have been confirmed and patched by the developers. © Springer International Publishing Switzerland 2015.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - Computing and Informatics > Computer Science and Engineering > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
Related Researcher
- KIM, HYOUNG SHICK
- Computing and Informatics (Computer Science and Engineering)