Abstract
This paper investigates whether authentication credentials in the volatile memory of Android mobile devices can be discovered using freely available tools. The experiments that we carried out for each application included two different sets: In the first set, our goal was to check if we could recover our own submitted credentials from the memory dump of the mobile device. In the second set of experiments, the goal was to find patterns that can indicate where the credentials are located in a memory dump of an Android device. The results revealed that the majority of the Android applications are vulnerable to credentials discovery even in case of applications that their security is critical, such as web banking and password manager applications.
Chapter PDF
Similar content being viewed by others
References
http://www.foxnews.com/tech/2012/03/12/symantecs-lost-cell-phone-study-confirms-worst-in-people/ (retrieved on November 2012)
https://www.google.com/nexus/4/#play (retrieved on November 2012)
Study of Consumer Password Habits (September 2012), http://www.csid.com/news/csid-conducts-study-of-consumer-password-habits-finds-disconnect-in-practices-and-mindset/ (retrieved on November 2012)
http://www.idc.com/getdoc.jsp?containerId=prUS23771812 (retrieved on November 2012)
Bornstein, D.: Dalvik VM Internals. In: Google I/O Developer Conference (June 2008)
http://mobworld.wordpress.com/2010/07/05/memory-management-in-Android/ (retrieved on November 2012)
Hoog, A.: Android Forensics: Investigation, Analysis, and Mobile Security for Google Android. Syngress, Elsevier (June 2011)
Girault, E.: Volatilitux: Physical memory analysis of Linux systems (December 2010)
http://code.google.com/p/lime-forensics/ (retrieved on November 2012)
http://developer.Android.com/tools/debugging/ddms.html (retrieved on November 2012)
Vrizlynn, T., Ng, K.Y., Chang, E.-C.: Live memory forensics of mobile phones. In: Digital Forensic Research Workshop (2010)
Karayianni, S., Katos, V., Georgiadis, C.K.: A framework for password harvesting from volatile memory. International Journal of Electronic Security and Digital Forensics 4(2-3), 154–163 (2012)
Sylvea, J., Caseb, A., Marzialeb, L., Richard, G.: Acquisition and analysis of volatile memory from Android devices. Digital Investigation 8(3-4), 175–184 (2012)
http://thomascannon.net/projects/android-reversing/ (retrieved on November 2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 International Federation for Information Processing
About this paper
Cite this paper
Apostolopoulos, D., Marinakis, G., Ntantogian, C., Xenakis, C. (2013). Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices. In: Douligeris, C., Polemi, N., Karantjias, A., Lamersdorf, W. (eds) Collaborative, Trusted and Privacy-Aware e/m-Services. I3E 2013. IFIP Advances in Information and Communication Technology, vol 399. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37437-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-37437-1_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37436-4
Online ISBN: 978-3-642-37437-1
eBook Packages: Computer ScienceComputer Science (R0)