@inproceedings{7687f3e5a4a54ad0bce19ff46f37b287,
title = "I{\textquoteright}ve got your number: Harvesting users{\textquoteright} personal data via contacts sync for the Kakaotalk messenger",
abstract = "Instant messaging (IM) is increasingly popular among not only Internet but also smartphone users. In this paper, we analyze the security issue of an IM application, KakaoTalk, which is the most widely used in South Korea, with a focus on automated friends registration based on contacts sync. We demonstrate that there are multiple ways of collecting victims{\textquoteright} personal information such as their names, phone numbers and photos, which can be potentially misused for a variety of cyber criminal activities. Our experimental results show that a user{\textquoteright}s personal data can be obtained automatically (0.26 s on average), and a large portion of KakaoTalk users (around 73\%) uses their real names as display names. Finally, we suggest reasonable countermeasures to mitigate the discovered attacks, which have been confirmed and patched by the developers.",
keywords = "Automated friends registration, Contacts sync, Enumeration attack, Information leakage, KakaoTalk, Privacy, Security, Smartphone",
author = "Eunhyun Kim and Kyungwon Park and Hyoungshick Kim and Jaeseung Song",
note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 15th International Workshop on Information Security Applications, WISA 2014 ; Conference date: 25-08-2014 Through 27-08-2014",
year = "2015",
doi = "10.1007/978-3-319-15087-1\_5",
language = "English",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "55--67",
editor = "Kyung-Hyune Rhee and Yi, \{Jeong Hyun\}",
booktitle = "Information Security Applications - 15th International Workshop, WISA 2014, Revised Selected Papers",
}