Design and Evaluation of Enumeration Attacks on Package Tracking Systems
- Authors
- Jang, H.; Ji, W.; Woo, S.S.; Kim, H.
- Issue Date
- 2020
- Publisher
- Springer
- Keywords
- Enumeration attack; Package tracking systems; Privacy
- Citation
- Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), v.12248 LNCS, pp.543 - 559
- Indexed
- SCOPUS
- Journal Title
- Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
- Volume
- 12248 LNCS
- Start Page
- 543
- End Page
- 559
- URI
- https://scholarworks.bwise.kr/skku/handle/2021.sw.skku/6851
- DOI
- 10.1007/978-3-030-55304-3_28
- ISSN
- 0302-9743
- Abstract
- Most shipping companies provide a package tracking system where customers can easily track their package delivery status when the package is being shipped. However, we present a security problem called enumeration attacks against package tracking systems in which attackers can collect customers’ personal data illegally through the systems. We specifically examined the security of the package tracking websites of the top five popular shipping companies (Korea Post, CJ Logistics, Lotte Logistics, Logen, and Hanjin Shipping) in South Korea and found that enumeration attacks can be easily implemented with package tracking numbers or phone numbers. To show potential risks of enumeration attacks on the package tracking system, we automatically collected package tracking records from those websites through our attack tool. We gathered 1,398,112, 2,614,839, 797,676, 1,590,933, and 163,452 package delivery records from the websites of Korea Post, CJ Logistics, Lotte Logistics, Logen and Hanjin Shipping, respectively, during 6 months. Using those records, we uncover 4,420,214 names, 2,527,205 phone numbers, and 4,467,329 addresses. To prevent such enumeration attacks, we also suggest four practical defense approaches. © 2020, Springer Nature Switzerland AG.
- Appears in Collections
- Computing and Informatics > Computer Science and Engineering > 1. Journal Articles