PRIVATE INFORMATION EXPOSURE IN ONLINE SOCIAL NETWORKS WITH IOS, ANDROID AND SYMBIAN MOBILE DEVICES

Security and Cooperation in Wireless NetworksLaboratory For Communications and Applications1Mini Project Final PresentationSupervisors: Igor Bilogrevic

Mathias Humbert

  Vassilis Agrafiotis – Communication

Systems MA3

1/17

Roadmap

Motivation and Introduction Set Up Methodology Results

Privacy Risk Scale Results Summary

Conclusion and Improvements

2

Motivation

To which extent is Privacy respected within Online Social Networks (OSN) ?

Study by looking for Private information disclosure in mobile OSNs

For some mobile platforms, different social networks require unnecessary personal – private information in order to perform an action.

Simulation and traffic analysis project

3

Introduction

Selection of OSNs to investigate according to their popularity

4

Introduction

Mobile Platforms studied:iOS, Android, Symbian

Access OSN and record traffic from mobile web browser mobile Application if available

5

Set Up6

Set Up7

Methodology

Fake accounts for every OSN created

Set of possible actions defined within each OSN

Manually simulated execution for every OSN

Network traffic captured using WireShark

8

Methodology

Traffic traces analyzed using a Java parser

Specific format information ex. email Coordinate like decimals

Further analysis with manual inspection of traces

9

Methodology

A lot of traces were encrypted In this case, we collected also traffic by

accessing the OSNs through a PC for comparison

During the sniffing stage, we recorded the usage of GPS by noticing the GPS flash indication on the Smartphone

10

Privacy Risk Scale11

Results

In overall no major privacy violation discovered

Most of the traffic was encrypted Thus unable to accurately determine traffic

content Threat: what information is actually sent?

Type of information exchanged between SmartPhone and OSN are platform indepedent

12

13

Results 14

Results15

Results16

Conclusion and Improvements Popular OSNs are taking privacy seriously, but

still place to improveEncrypted traffic may be a 2-headed feature

Extend our study to others OSNs

Use emulator to simulate the execution and the usage of OSNs

TEMA project for Android platform

Record system calls in order to have more evidence about the type of information sent to OSNs servers

17