Wei Dong

DOI: https://doi.org/10.4028/www.scientific.net/amm.543-547.2884

2014-01-01

Applied Mechanics and Materials

Abstract:The last few years has seen a massive growth of applications for smart phone operating systems such as Android, IOS. Short message services (SMS) is one of them. Although SMS as an application has existed for a long time, the method for managing short messages is rather outdated and very inconvenient. The is partially because most of the SMS applications are inherited from old fashioned mobile platforms, in which users of mobile phone usually concentrate on basic phone service and demand less for SMS. With the introduction of smart phone operating system, the old-fashioned method of short messages management is not suitable. To cope with this problem, in this paper we first conduct research on modern ways of short messages management, and then a short message services management system for mobile devices is designed. In this new system, more advanced options, such as messages query by date, by sender and sending a message to many receivers at the same time, for short messages is provided. Moreover, to validate our research and design, we implement the system based on Android platform. And we conduct some experiments with this system and test results shows that our system works quite well. With the mobile Internet becoming increasingly important to life, our research is expected to improve work efficiency greatly.

Shuyin Zheng,Pingjie Huang,Dibo Hou,Midi Gao,Jiachen Li,Xuliang Shan,Guangxin Zhang

DOI: https://doi.org/10.1109/icetce.2012.863

2012-01-01

Abstract:Short message service(SMS), based on GSM, has been applied in various fields. In the mean time, the application of publishing of remote monitoring and early-warning information, which uses the pattern of short message, also grows up over time. After analyzing the features of existing systems and wireless communication service theory, this paper designs and develops a SMS platform, aiming at certain water-information monitoring and early-warning system. In this way, water early-warning information can be published in-time and reliably, thus corresponding feasible preventive measures for upcoming water quality problems could be taken and the influence of water quality events on normal production and life could be minimized, and the economic and social sustainable development could be guaranteed.

QIAN Ya-li,ZHAO Guang-zhou

DOI: https://doi.org/10.3969/j.issn.1001-4551.2007.01.009

2007-01-01

Abstract:The three configurations of long-distance monitor and control area protecting system was introduced.The actualization of communication module was discoursed,the module was divided into two parts,one was the Modem and COM communication actualization,the other was the monitor layer and measure layer communication actualization.

程龙兴,胡协和,冯冬芹,黄文君

DOI: https://doi.org/10.3969/j.issn.1002-1841.2005.01.007

2005-01-01

Abstract:Remote data acquisition has been widely applied in many industry fields such as metallurgy and chemical, but many remote data acquisition system which are often been used have much shortcoming. Development of GSM communication technology makes Short Message begin to be applied on industrial control field. Short Message System has the merits of wide coverage, low cost, easy development and high reliability, so it is fit for remote data acquisition. Introduced the development of a remote data acquisition system based on SMS,including its structure and software designing. Now it has been applied in remote data acquisition of seweragegetting better effect.

朱万贵,郑国君,顾新建

DOI: https://doi.org/10.3969/j.issn.1009-0134.2003.12.009

2003-01-01

Abstract:Remote monitor and control technology is a pop topic in modern manufacturing; Shortmessage is one of the up to date technology and it owns many merits. Such as: easydevelopment、low cost、free service、high reliability and so on. In this paper we discussthe theory and operation of SMS in GSM Net and do some research on the design andrealization of Remote Monitor and Control System base on SMS in manufacturing.

Guan-Hua Tu,Chi-Yu Li,Chunyi Peng,Yuanjie Li,Songwu Lu

DOI: https://doi.org/10.1145/2976749.2978393

2016-01-01

Abstract:SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packet-switched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spoofing, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We finally propose remedies to the identified security issues.

Zeyu Lei,Yuhong Nan,Yanick Fratantonio,Antonio Bianchi

DOI: https://doi.org/10.14722/ndss.2021.24212

2021-01-01

Abstract:SMS messages containing One-Time Passwords (OTPs) are a widely used mechanism for performing authentication in mobile applications. In fact, many popular apps use OTPs received via SMS as the only authentication factor, entirely replacing password-based authentication schemes. Although SMS OTP authentication mechanisms provide significant convenience to end-users, they also have significant security implications. In this paper, we study these mobile apps' authentication schemes based on SMS OTPs, and, in particular, we perform a systematic study on the threats posed by "local attacks," a scenario in which an attacker has control over an unprivileged third-party app on the victim's device. This study was carried out using a combination of reverse engineering, formal verification, user studies, and large-scale automated analysis. Our work not only revealed vulnerabilities in third-party apps, but it also uncovered several new design and implementation flaws in core APIs implemented by the mobile operating systems themselves. For instance, we found two official Android APIs to be vulnerable by design, i.e., APIs that inevitably lead to the implementation of insecure authentication schemes, even when used according to their documentation. Moreover, we found that other APIs are prone to be used unsafely by apps' developers. Our large-scale study found 36 apps, sharing hundreds of millions of installations, that misuse these APIs, allowing a malicious local attacker to completely hijack their accounts. Such vulnerable apps include Telegram and KakaoTalk, some of the most popular messaging apps worldwide. Finally, we proposed a new and safer mechanism to perform SMS-based authentication, and we prove its safety using formal verification.

杨传舜,李明禄

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.z1.242

2004-01-01

Abstract:This paper introduces the scheme of a secure SMS platform, which is based on Web service technology and Web service security model. It introduces Web service and Web service security architecture. It describes the detail design of secure SMS platform in demo project. It also discusses some possible potential problems of Web service and WS-Security technology, including performance,responsibility and extensibility.

Mingxuan Liu,Yiming Zhang,Baojun Liu,Zhou Li,Haixin Duan,Donghong Sun

DOI: https://doi.org/10.1145/3485832.3488012

2021-01-01

Abstract:Although spearphishing is a well-known security issue and has been widely researched, it is still an evolving threat with emerging forms. In recent years, Short Message Service (SMS) has been revealed as a new distribution channel for spearphishing messages, which already has caused a serious impact in the real world, but has not yet attracted enough attention from the academic community. In this paper, we report the first systemic study to spotlight this emerging threat, SMS spearphishing attack. Through cooperating with a leading security vendor, we obtain 31.96M real-world spam messages that span three months. We design and implement a novel NLP-based detection algorithm, and uncover 90,801 spearphishing messages on the entire dataset. And then, a large-scale measurement was performed on the detected messages to reveal and understand the characteristics of SMS spearphishing attack. Our findings are multi-fold. We discover that SMS spearphishing has a significant negative impact on the real-world, and a large number of victims have been affected. And the distribution of active illicit types between spearphishing message and common spam is quite inconsistent. At the micro-level, to evade detection and increase the probability of success, adversary campaigns have evolved a set of sophisticated strategies. Our research highlights the impact of SMS spearphishing attack is prominent. We call on different communities to work together to mitigate this emerging security threat.

Siqi Ma,Runhan Feng,Juanru Li,Yang Liu,Surya Nepal,Diethelm Ostry,Elisa Bertino,Robert H. Deng,Zhuo Ma,Sanjay Jha

DOI: https://doi.org/10.1145/3359789.3359828

2019-01-01

Abstract:A great quantity of user passwords nowadays has been leaked through security breaches of user accounts. To enhance the security of the Password Authentication Protocol (PAP) in such circumstance, Android app developers often implement a complementary One-Time Password (OTP) authentication by utilizing the short message service (SMS). Unfortunately, SMS is not specially designed as a secure service and thus an SMS One-Time Password is vulnerable to many attacks. To check whether a wide variety of currently used SMS OTP authentication protocols in Android apps are properly implemented, this paper presents an empirical study against them. We first derive a set of rules from RFC documents as the guide to implement secure SMS OTP authentication protocol. Then we implement an automated analysis system, AUTH-EYE, to check whether a real-world OTP authentication scheme violates any of these rules. Without accessing server source code, AUTH-EYE executes Android apps to trigger the OTP-relevant functionalities and then analyzes the OTP implementations including those proprietary ones. By only analyzing SMS responses, AUTH-EYE is able to assess the conformance of those implementations to our recommended rules and identify the potentially insecure apps. In our empirical study, AUTH-EYE analyzed 3,303 popular Android apps and found that 544 of them adopt SMS OTP authentication. The further analysis of AUTH-EYE demonstrated a far-from-optimistic status: the implementations of 536 (98.5%) out of the 544 apps violate at least one of our defined rules. The results indicate that Android app developers should seriously consider our discussed security rules and violations so as to implement SMS OTP properly.

CHEN Zhen,XU Jian-lin,YU Yi-fan,LIU Hong-jian

DOI: https://doi.org/10.3969/j.issn.1671-1122.2013.12.002

2013-01-01

Abstract:With the wide application of mobile terminal, security issues of mobile network software system have become increasingly prominent, the world has many researchers devoted themselves to the study of mobile network system security. This paper analyzes the current commonly used in mobile network software architecture and security risk, put forward a variety of security solutions for the direction and methods, summarizes the progress of research in the field on each direction, the security tools are analyzed, and the future research ideas are discussed.

SUN Qindong,HUANG Xinbo,WANG Qian,GUAN Xiaohong,GAO Peng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.13.094

2007-01-01

Abstract:In order to prevent the flooding of illegal short messages(SM),the sending mechanism of SM is analyzed and a monitoring scheme of SM is proposed.The audit model is established,which could filter both the text short messages and multimedia short messages,and the function of each module is discussed.The key audit technologies are discussed,and the main ideas of algorithms used in the audit system are proposed.

Caixia Liu,Xinsheng Ji,Jiangxing Wu,Xiao Qin

DOI: https://doi.org/10.1007/s11432-017-9428-6

2018-01-01

Science China Information Sciences

Abstract:>Dear editor,Several studies have recently reported on major vulnerabilities in the Signaling System No.7 (SS7)used in mobile networks [1, 2]. The reported vulnerabilities and security issues would lead to the illegal acquisition and tampering of mobile communication user data, known as cellphone user data. The cellphone user data contain important information such as identity identification, location identification, security parameter-set. Due to

Xianyong Meng,Kai Qian,Dan Lo,Prabir Bhattacharya,Fan Wu

DOI: https://doi.org/10.1109/isncc.2018.8531071

2018-01-01

Abstract:The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of our software, and militate the consequence of damages of data loss caused by potential malicious attacking. However, many software developer professionals lack the necessary security knowledge and skills at the development stage and Secure Mobile Software Development (SMSD) is not yet well represented in current computing curriculum. In this paper we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We categorized the common mobile vulnerability for developers based on OWASP mobile security recommendations and developed detectors to meet the SMSD needs in industry and education.

Weizhe Zhang,Xiong Li,Naixue Xiong,Athanasios V. Vasilakos

DOI: https://doi.org/10.1007/s00779-016-0966-0

2016-09-16

Personal and Ubiquitous Computing

Abstract:With the popularity of mobile phones with Android platform, Android platform-based individual privacy information protection has been paid more attention to. In consideration of individual privacy information problem after mobile phones are lost, this paper tried to use SMS for remote control of mobile phones and providing comprehensive individual information protection method for users and completed a mobile terminal system with self-protection characteristics. This system is free from the support of the server and it can provide individual information protection for users by the most basic SMS function, which is an innovation of the system. Moreover, the protection mechanism of the redundancy process, trusted number mechanism and SIM card detection mechanism are the innovations of this system. Through functional tests and performance tests, the system could satisfy user functional and non-functional requirements, with stable operation and high task execution efficiency.

computer science, information systems,telecommunications

Guan-Hua Tu,Yuanjie Li,Chunyi Peng,Chi-Yu Li,Muhammad Taqi Raza,Hsiao-Yun Tseng,Songwu Lu

DOI: https://doi.org/10.48550/arXiv.1510.08531

2015-10-29

Cryptography and Security

Abstract:Mobile Internet is becoming the norm. With more personalized mobile devices in hand, many services choose to offer alternative, usually more convenient, approaches to authenticating and delivering the content between mobile users and service providers. One main option is to use SMS (i.e., short messaging service). Such carrier-grade text service has been widely used to assist versatile mobile services, including social networking, banking, to name a few. Though the text service can be spoofed via certain Internet text service providers which cooperated with carriers, such attacks haven well studied and defended by industry due to the efforts of research community. However, as cellular network technology advances to the latest IP-based 4G LTE, we find that these mobile services are somehow exposed to new threats raised by this change, particularly on 4G LTE Text service (via brand-new distributed Mobile-Initiated Spoofed SMS attack which is not available in legacy 2G/3G systems). The reason is that messaging service over LTE shifts from the circuit-switched (CS) design to the packet-switched (PS) paradigm as 4G LTE supports PS only. Due to this change, 4G LTE Text Service becomes open to access. However, its shields to messaging integrity and user authentication are not in place. As a consequence, such weaknesses can be exploited to launch attacks (e.g., hijack Facebook accounts) against a targeted individual, a large scale of mobile users and even service providers, from mobile devices. Current defenses for Internet-Initiated Spoofed SMS attacks cannot defend the unprecedented attack. Our study shows that 53 of 64 mobile services over 27 industries are vulnerable to at least one threat. We validate these proof-of-concept attacks in one major US carrier which supports more than 100 million users. We finally propose quick fixes and discuss security insights and lessons we have learnt.

Yang Liu

2009-01-01

Abstract:With the fast development of mobile communication industry, the security and secrecy of information has become vital.Nowadays, the security of communication is of great importance to confirm the safety of business information.On the situation that the mobile phone has been diffusely applied, the hidden safety troubles of mobile phone should not be ignored(such as wire tapping, imitated handset station, blue teeth connection, and cell phone virus ).Cell phone security issue has become urgent to solve the current important issues.The GSM Management Centre programme to solve the major symmetric key cryptosystem based on the virtual private network applications, the management center can manage one or more virtual private networks, and virtual private network within the terminal for the realization of a key, storage, distribution, replacement and destruction, and other functions, and to provide security management for mobile phone services.

Yangyi Chen,Tongxin Li,Xiaofeng Wang,Kai Chen,Xinhui Han

DOI: https://doi.org/10.1145/2810103.2813652

2015-01-01

Abstract:In this paper, we report the first large-scale, systematic study on the security qualities of emerging push-messaging services, focusing on their app-side service integrations. We identified a set of security properties different push-messaging services (e.g., Google Cloud Messaging) need to have, and automatically verified them in different integrations using a new technique, called Seminal. Seminal is designed to extract semantic information from a service's sample code, and leverage the information to evaluate the security qualities of the service's SDKs and its integrations within different apps. Using this tool, we studied 30 leading services around the world, and scanned 35,173 apps. Our findings are astonishing: over 20% apps in Google Play and 50% apps in mainstream Chinese app markets are riddled with security-critical loopholes, putting a huge amount of sensitive user data at risk. Also, our research brought to light new types of security flaws never known before, which can be exploited to cause serious confusions among popular apps and services (e.g., Facebook, Skype, Yelp, Baidu Push). Taking advantage of such confusions, the adversary can post his content to the victim's apps in the name of trusted parties and intercept her private messages. The study highlights the serious challenges in securing push-messaging services and an urgent need for improving their security qualities.

Xinran Liu,Paul R Sutton,Rory McKenna,Mika N Sinanan,B Jane Fellner,Michael G Leu,Cris Ewell

DOI: https://doi.org/10.1055/s-0039-1678607

Abstract:Objective: The use of text messaging in clinical care has become ubiquitous. Due to security and privacy concerns, many hospital systems are evaluating secure text messaging applications. This paper highlights our evaluation process, and offers an overview of secure messaging functionalities, as well as a framework for how to evaluate such applications. Methods: Application functionalities were gathered through literature review, Web sites, speaking with representatives, demonstrations, and use cases. Based on similar levels of functionalities, vendors were grouped into three tiers. Essential and secondary functionalities for our health system were defined to help narrow our vendor choices. Results: We stratified 19 secure messaging vendors into three tiers: basic secure communication, secure communication within an existing clinical application, and dedicated communication and collaboration systems. Our essential requirements revolved around functionalities to enhance security and communication, while advanced functionalities were mostly considered secondary. We then narrowed our list of 19 vendors to four, then created clinical use cases to rank the final vendors. Discussion: When evaluating a secure messaging application, numerous factors must be considered in parallel. These include: what clinical processes to improve, archiving text messages, mobile device management, bring your own device policy, and Wi-Fi architecture. Conclusion: Secure messaging applications provide a Health Insurance Portability and Accountability Act (HIPAA) compliant communication platform, and also include functionality to improve clinical collaboration and workflow. We hope that our evaluation framework can be used by other health systems to find a secure messaging application that meets their needs.

Guan-Shi ZHENG,Zheng ZHANG,Wei-Hua ZHANG

DOI: https://doi.org/10.15888/j.cnki.csa.005354

2016-01-01

Abstract:The popularity of mobile system has attracted malware developers. To ensure the security of users’ privacy and property, there has been numerous solutions targeting current security issues of mobile system. In this paper, it introduces the prevalent mobile operating systems and the mobile application security analysis methodologies. In addition, it makes analysis and discussion. At last, it proposes the prospects of possible directions of mobile application analysis approaches and endswith a conclusion.