2013
DOI: 10.1007/978-3-642-37437-1_15
|View full text |Cite
|
Sign up to set email alerts
|

Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices

Abstract: This paper investigates whether authentication credentials in the volatile memory of Android mobile devices can be discovered using freely available tools. The experiments that we carried out for each application included two different sets: In the first set, our goal was to check if we could recover our own submitted credentials from the memory dump of the mobile device. In the second set of experiments, the goal was to find patterns that can indicate where the credentials are located in a memory dump of an A… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
18
0
2

Year Published

2014
2014
2024
2024

Publication Types

Select...
4
2
2

Relationship

1
7

Authors

Journals

citations
Cited by 23 publications
(20 citation statements)
references
References 3 publications
0
18
0
2
Order By: Relevance
“…There have been several studies on Android, comparably dumping memory to look for sensitive data [2], [17], [1], [20], [37]. However, all of these approaches required a manual approach to capture and search the relevant memory images.…”
Section: B Test Frameworkmentioning
confidence: 99%
See 2 more Smart Citations
“…There have been several studies on Android, comparably dumping memory to look for sensitive data [2], [17], [1], [20], [37]. However, all of these approaches required a manual approach to capture and search the relevant memory images.…”
Section: B Test Frameworkmentioning
confidence: 99%
“…Apostolopoulos et al [2] showed that login credentials could be recovered from memory images using simple pattern matching. Hilgers et al [14] identified a variety of data structures in memory images (e.g., GPS coordinates within photo metadata).…”
Section: A Memory Forensicsmentioning
confidence: 99%
See 1 more Smart Citation
“…Apart from personal computers, sensitive information was also recovered from the volatile memory of Android devices using two different methods. More specifically, in the first method [12] the authors used the Linux Memory Extractor (LiME) kernel module [13] and a physical Samsung i9000 phone to dump the Android memory, whereas in the second technique [14] the Android emulator was used alongside with Dalvik Debug Monitor Server (DDMS) to acquire the memory data. In both cases, critical and secure applications, such as mobile banking and password managers, were examined and authentication credentials were recovered in plain text from the dumped memory.…”
Section: Related Workmentioning
confidence: 99%
“…In [2,20], Apostolopoulos et al search for authentication credentials in the process memory of applications. They use the Dalvik Debugging Monitor Server (DDMS) tool [20] and the LiME kernel module [12].…”
Section: Related Workmentioning
confidence: 99%